none
adding new server 2012 DC in existing 2003 forest RRS feed

  • Question

  • the prerequisites check fails. here is the content of the log file. please help me fix it.

    [2012/12/27:16:27:25.535]
    Adprep created the log file 'C:\Windows\debug\adprep\logs\20121227162725-test\ADPrep.log'
    [2012/12/27:16:27:25.535]
    Adprep successfully initialized global variables.

    [Status/Consequence]

    Adprep is continuing.
    [2012/12/27:16:27:25.545]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.545]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.545]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=AD01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.546]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.546]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.546]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.548]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Infrastructure,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.548]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.548]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=AD01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.548]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.555]
    Adprep discovered the schema FSMO: AD01.NJ01.IMSTRANSPORT.COM.
    [2012/12/27:16:27:25.559]
    Adprep connected to the schema FSMO: AD01.NJ01.IMSTRANSPORT.COM.
    [2012/12/27:16:27:25.559]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.559]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.559]
    Adprep successfully retrieved information from the Active Directory Domain Services.
    [2012/12/27:16:27:25.559]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.560]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/27:16:27:25.560]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.560]
    LDAP API ldap_search_ext_s finished, return code is 0x0 
    [2012/12/27:16:27:25.560]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.560]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/27:16:27:25.560]
    Adprep does not find the tokenGroups attribute on the RootDSE object of the Active Directory Domain Controller. This attribute is not avaliable on Windows Server 2003 or lower version of Windows. Adprep will try to obtain token groups from the User object.
    [2012/12/27:16:27:25.560]
    The parameters /userdomain and /user are not specified. Using current logon user's domain ...
    [2012/12/27:16:27:25.560]
    The current logon user's domain is NJ01.IMSTRANSPORT.COM.
    [2012/12/27:16:27:25.561]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.561]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.561]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.562]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.562]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Benjamin Green,OU=IT,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.563]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/27:16:27:25.569]
    Adprep discovered the Infrastructure FSMO: AD01.NJ01.IMSTRANSPORT.COM.
    [2012/12/27:16:27:25.572]
    Adprep connected to the Infrastructure FSMO: AD01.NJ01.IMSTRANSPORT.COM.
    [2012/12/27:16:27:25.572]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.572]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.572]
    Adprep successfully retrieved information from the Active Directory Domain Services.
    [2012/12/27:16:27:25.572]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.573]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/27:16:27:25.573]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.573]
    LDAP API ldap_search_ext_s finished, return code is 0x0 
    [2012/12/27:16:27:25.573]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.573]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/27:16:27:25.574]
    Adprep does not find the tokenGroups attribute on the RootDSE object of the Active Directory Domain Controller. This attribute is not avaliable on Windows Server 2003 or lower version of Windows. Adprep will try to obtain token groups from the User object.
    [2012/12/27:16:27:25.574]
    The parameters /userdomain and /user are not specified. Using current logon user's domain ...
    [2012/12/27:16:27:25.574]
    The current logon user's domain is NJ01.IMSTRANSPORT.COM.
    [2012/12/27:16:27:25.574]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.575]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.575]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.575]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.575]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Benjamin Green,OU=IT,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.576]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/27:16:27:25.591]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/27:16:27:25.592]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.592]
    Adprep successfully retrieved information from the Active Directory Domain Services.
    [2012/12/27:16:27:25.592]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UID,CN=Schema,CN=Configuration,DC=NJ01,DC=IMSTRANSPORT,DC=COM.
    [2012/12/27:16:27:25.592]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/27:16:27:25.592]
    Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix Q293783 for SFU has been applied.
    [2012/12/27:16:27:25.611]
    Adprep could not retrieve data from the server AD01.NJ01.IMSTRANSPORT.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121227162725-test directory for possible cause of failure.
    [2012/12/27:16:27:25.611]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2012/12/27:16:27:25.611]
    Adprep failed while performing Exchange schema check.

    [Status/Consequence]

    The Active Directory Domain Services schema is not upgraded.

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121227162725-test directory for possible cause of failure.
    [2012/12/27:16:27:25.611]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384


    • Moved by Santosh BhandarkarModerator Friday, December 28, 2012 5:31 PM Moving this thread to more appropriate forum (From:Windows Server 2012 General)
    Thursday, December 27, 2012 9:33 PM

Answers

  • i got it working all i had to do was install a server 2008 Domain Controller and then making the server 2012 a domain controller worked. now we are using 2 server 2012 Domain Controllers and no server 2003  domain controllers. also we removed the server 2008 DC and it still works fine so thank you all.
    • Marked as answer by bgreen-ims Tuesday, January 15, 2013 2:32 PM
    Tuesday, January 15, 2013 2:32 PM
  • i think the problem might be on the current PDC's configuration and not a configuration setting on the 2012
    • Marked as answer by 朱鸿文 Thursday, January 10, 2013 3:44 AM
    Wednesday, January 2, 2013 5:27 PM

All replies

  • this is from the actual Active Directory Domain Services Configuration wizard.

    Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain <Domain Name>.
    Exception: Access is denied.
    Adprep could not retrieve data from the server <DC Name>.<Domain Name> through Windows Managment Instrumentation (WMI).
    [User Action]
    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121227173719-test directory for possible cause of failure.

    names of domain controller and domain have been removed

    what is causing this?? the other domain controllers are server 2003

    Thursday, December 27, 2012 10:40 PM
  • Make sure that the server 2012 is already an member of the domain before upgrading it to an domain controller.

    To use an server 2012 domain in an 2003 envoirment you need to run adprep its located on the server 2012 disk ..\support\adprep

    When everything is looking fine your adprep will show you this.

    PS C:\Users\Administrator> D:\support\adprep\adprep.exe /forestprep

    ADPREP WARNING:

    Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or lat
    er.

    You are about to upgrade the schema for the Active Directory forest named 'domain', using the Active Directory
     domain controller (schema master) 'SRV2012SRV01.domain.local'.
    This operation cannot be reversed after it completes.

    [User Action]
    If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by
    typing 'C' and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.

    Then start server manager and click 'Add roles and features' and install the needed services.

    Friday, December 28, 2012 10:58 AM
  • Make sure that the server 2012 is already an member of the domain before upgrading it to an domain controller.

    To use an server 2012 domain in an 2003 envoirment you need to run adprep its located on the server 2012 disk ..\support\adprep

    When everything is looking fine your adprep will show you this.

    PS C:\Users\Administrator> D:\support\adprep\adprep.exe /forestprep

    ADPREP WARNING:

    Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or lat
    er.

    You are about to upgrade the schema for the Active Directory forest named 'domain', using the Active Directory
     domain controller (schema master) 'SRV2012SRV01.domain.local'.
    This operation cannot be reversed after it completes.

    [User Action]
    If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by
    typing 'C' and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.

    Then start server manager and click 'Add roles and features' and install the needed services.

    this will work for adding the server 2012 as a new domain controller in an existing domain??


    • Edited by bgreen-ims Friday, December 28, 2012 2:00 PM
    Friday, December 28, 2012 1:58 PM
  • Make sure that the server 2012 is already an member of the domain before upgrading it to an domain controller.

    To use an server 2012 domain in an 2003 envoirment you need to run adprep its located on the server 2012 disk ..\support\adprep

    When everything is looking fine your adprep will show you this.

    PS C:\Users\Administrator> D:\support\adprep\adprep.exe /forestprep

    ADPREP WARNING:

    Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or lat
    er.

    You are about to upgrade the schema for the Active Directory forest named 'domain', using the Active Directory
     domain controller (schema master) 'SRV2012SRV01.domain.local'.
    This operation cannot be reversed after it completes.

    [User Action]
    If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by
    typing 'C' and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.

    Then start server manager and click 'Add roles and features' and install the needed services.

    it did not work. here is the contents of the log. 

    [2012/12/28:09:44:36.122]
    Adprep created the log file 'C:\Windows\debug\adprep\logs\20121228094436\ADPrep.log'
    [2012/12/28:09:44:36.122]
    Adprep successfully initialized global variables.

    [Status/Consequence]

    Adprep is continuing.
    [2012/12/28:09:44:36.193]
    Adprep discovered the schema FSMO: <DC>.<DOMAIN NAME>.
    [2012/12/28:09:44:36.302]
    Adprep connected to the schema FSMO: <DOMAIN NAME>.
    [2012/12/28:09:44:36.302]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/28:09:44:36.303]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:36.303]
    Adprep successfully retrieved information from the Active Directory Domain Services.
    [2012/12/28:09:44:36.303]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=<DOMAIN>,DC=<DOMAIN>,DC=COM.
    [2012/12/28:09:44:36.303]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/28:09:44:36.303]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/28:09:44:36.303]
    LDAP API ldap_search_ext_s finished, return code is 0x0 
    [2012/12/28:09:44:36.303]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/28:09:44:36.304]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/28:09:44:36.304]
    Adprep does not find the tokenGroups attribute on the RootDSE object of the Active Directory Domain Controller. This attribute is not avaliable on Windows Server 2003 or lower version of Windows. Adprep will try to obtain token groups from the User object.
    [2012/12/28:09:44:36.304]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/28:09:44:36.305]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:36.305]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=<DOMAIN>,DC=<DOMAIN>,DC=COM.
    [2012/12/28:09:44:36.305]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:36.305]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=<DOMAIN>,DC=<DOMAIN>,DC=COM.
    [2012/12/28:09:44:36.306]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/28:09:44:36.306]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=<NAME>,OU=<OU>,DC=<DOMAIN>,DC=<DOMAIN>,DC=COM.
    [2012/12/28:09:44:36.307]
    LDAP API ldap_search_s finished, return code is 0x0 
    [2012/12/28:09:44:36.346]
    Adprep successfully logged on to the local machine using the specified credentials for network connections.
    [2012/12/28:09:44:36.346]
    Adprep successfully made the network connection to the Active Directory Domain Controller <DC>.<DOMAIN>.<DOMAIN NAME>.COM.
    [2012/12/28:09:44:36.376]
    Adprep successfully stopped using the specified credentials for network connections.
    [2012/12/28:09:44:36.377]
    Adprep successfully closed the network connection to the Active Directory Domain Controller <DC>.<DOMAIN>.<DOMAIN NAME>.COM.
    [2012/12/28:09:44:36.380]
    Adprep discovered the schema FSMO: <DC>.<DOMAIN>.<DOMAIN NAME>.COM.
    [2012/12/28:09:44:36.384]
    Adprep connected to the schema FSMO: <DC>.<DOMAIN>.<DOMAIN NAME>.COM.
    [2012/12/28:09:44:36.386]
    Adprep successfully logged on to the local machine using the specified credentials for network connections.
    [2012/12/28:09:44:36.386]
    Adprep successfully made the network connection to the Active Directory Domain Controller <DC>.<DOMAIN>.<DOMAIN NAME>.COM.
    [2012/12/28:09:44:36.428]


    ADPREP WARNING: 



    Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or later.



    You are about to upgrade the schema for the Active Directory forest named '<DOMAIN>.<DOMAIN NAME>.COM.', using the Active Directory domain controller (schema master) '<DC>.<DOMAIN>.<DOMAIN NAME>.COM.'.

    This operation cannot be reversed after it completes.



    [User Action]

    If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by typing 'C' and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
    [2012/12/28:09:44:40.475]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=<DOMAIN>,DC=<DOMAIN NAME>,DC=COM.
    [2012/12/28:09:44:40.475]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:40.475]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=<DC>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<DOMAIN>,DC=<DOMAIN NAME>,DC=COM.
    [2012/12/28:09:44:40.475]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:40.476]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=<DOMAIN>,DC=<DOMAIN NAME>,DC=COM.
    [2012/12/28:09:44:40.476]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:40.476]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
    [2012/12/28:09:44:40.477]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:40.477]
    Adprep successfully retrieved information from the Active Directory Domain Services.
    [2012/12/28:09:44:40.477]
    Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=UID,CN=Schema,CN=Configuration,DC=<DOMAIN>,DC=<DOMAIN NAME>,DC=COM.
    [2012/12/28:09:44:40.477]
    LDAP API ldap_search_s() finished, return code is 0x0 
    [2012/12/28:09:44:40.477]
    Adprep successfully determined whether Microsoft Windows Services for UNIX (SFU) is installed or not. If adprep detected SFU, adprep also verified that Microsoft hotfix Q293783 for SFU has been applied.
    [2012/12/28:09:44:40.512]
    Adprep could not retrieve data from the server <DC>.<DOMAIN>.<DOMAIN NAME>.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121228094436 directory for possible cause of failure.
    [2012/12/28:09:44:40.519]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2012/12/28:09:44:40.541]
    Adprep failed while performing Exchange schema check.

    [Status/Consequence]

    The Active Directory Domain Services schema is not upgraded.

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121228094436 directory for possible cause of failure.
    [2012/12/28:09:44:40.549]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2012/12/28:09:44:40.549]
    Adprep successfully stopped using the specified credentials for network connections.
    [2012/12/28:09:44:40.550]
    Adprep successfully closed the network connection to the Active Directory Domain Controller <DC>.<DOMAIN>.<DOMAIN NAME>.COM.

    Looks like the problem is that

    Adprep could not retrieve data from the server <DC>.<DOMAIN>.<DOMAIN NAME>.COM through Windows Managment Instrumentation (WMI).

    how do i fix this so it will work??

    the other two domain controllers are running windows server 2003 32-bit operating systems.

    could the cause of this problem be that the server 2012 is 64-bit and the server 2003 machines are 32-bit???

    Friday, December 28, 2012 3:02 PM
  • You get an acces denied message.

    Where you able to join the domain with the 2012 server?

    And are you logged in with an Administrator account?

    Friday, December 28, 2012 4:51 PM
  • Adprep could not retrieve data from the server <DC>.<DOMAIN>.<DOMAIN NAME>.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121228094436 directory for possible cause of failure.
    [2012/12/28:09:44:40.519]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.

    it is on the domain, and i am logged in with an administrator account


    • Edited by bgreen-ims Friday, December 28, 2012 5:15 PM
    Friday, December 28, 2012 5:15 PM
  • Edit your Default Domain controller policy and add Network Service in "Log on as a service" policy object.

    Also, make sure the following

    1. Windows firewall is turned off your 2003 DC which holds Schema Master role.
    2. Disable any AV or security software temporarily during schema update.
    3. Use Domain/Enterprise Admin account for schema update  while introducing new DC.
    4. Make sure necessary ports are opened/allowed on firewall (Active Directory and Active Directory Domain Services Port Requirements)
    5. RPC, WMI and their related services are running on your 2003 DC which holds Schema Master role.

    Regards, Santosh

    I do not represent the organisation I work for, all the opinions expressed here are my own.

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Whenever you see a helpful reply, click on Alternate Text Vote As Helpful & click on Alternate Text Mark As Answer if a post answers your question.

    Friday, December 28, 2012 5:51 PM
    Moderator
  • See below link add the NETWORK SERVICE as part of the SeServiceLogonRight ("Logon as a service") right back to the Default Domain Controllers policy and examine Windows Firewall on the existing domain controllers.

    Unable to perform Exchange schema conflict check" error, and prerequisites check fails
    http://support.microsoft.com/kb/2737560

    Add the Win2012 Server to domain and use schema/enterprise/domain admin user id to promote the server.
    http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/6413e8dc-ec08-4aa3-9658-5ca024aa8b80/

    Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. It could be due to AV(McAfee,Symantec, Trend, etc) or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

    Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, December 29, 2012 2:37 AM
  • In addition have a look.

    http://social.technet.microsoft.com/wiki/contents/articles/13422.schema-upgrade-for-windows-server-2012.aspx


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Monday, December 31, 2012 8:05 AM
  • See below link add the NETWORK SERVICE as part of the SeServiceLogonRight ("Logon as a service") right back to the Default Domain Controllers policy and examine Windows Firewall on the existing domain controllers.

    Unable to perform Exchange schema conflict check" error, and prerequisites check fails
    http://support.microsoft.com/kb/2737560

    Add the Win2012 Server to domain and use schema/enterprise/domain admin user id to promote the server.
    http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/6413e8dc-ec08-4aa3-9658-5ca024aa8b80/

    Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. It could be due to AV(McAfee,Symantec, Trend, etc) or 3rd party security application which act as firewall and block AD communuctaion.AV like Symantec,trend,etc have new features to "protect network traffic".Please check AV setting and disable the same if defined.

    Disable Windows Firewall: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Unable to perform Exchange schema conflict check" error, and prerequisites check fails
    http://support.microsoft.com/kb/2737560

    this is not the problem. the RPC server is not the problem. if you look at the log i posted it says 

    Adprep could not retrieve data from the server <DC>.<DOMAIN>.<DOMAIN NAME>.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121228094436 directory for possible cause of failure.
    [2012/12/28:09:44:40.519]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.

    nothing to do with the RPC server.

     
    Monday, December 31, 2012 2:15 PM
  • In addition have a look.

    http://social.technet.microsoft.com/wiki/contents/articles/13422.schema-upgrade-for-windows-server-2012.aspx


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    did not help. i am wondering if it is getting this 

    Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain.     <DOMAIN>.<DOMAIN NAME>.COM.
    Exception: Access is denied.
    Adprep could not retrieve data from the server <DC>.<DOMAIN>.<DOMAIN NAME>.COM through Windows Managment Instrumentation (WMI).
    [User Action]
    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121231093208-test directory for possible cause of failure.

    because the server 2003 Domain Controllers are 32-bit

    Monday, December 31, 2012 2:34 PM
  • In addition have a look.

    http://social.technet.microsoft.com/wiki/contents/articles/13422.schema-upgrade-for-windows-server-2012.aspx


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    did not help. i am wondering if it is getting this 

    Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain.     <DOMAIN>.<DOMAIN NAME>.COM.
    Exception: Access is denied.
    Adprep could not retrieve data from the server <DC>.<DOMAIN>.<DOMAIN NAME>.COM through Windows Managment Instrumentation (WMI).
    [User Action]
    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20121231093208-test directory for possible cause of failure.

    because the server 2003 Domain Controllers are 32-bit

    why is this not working it keeps getting Exception: Access is denied

    what is causing this all the proper ports are open all the proper services are running and the NETWORK SERVICE is in the SeServiceLogonRight ("Logon as a service") and it is running, but it still does not work. what could cause this. is it cross platform incompatibility between the 32-bit server 2003 and the 64-bit server 2012??

    Monday, December 31, 2012 3:25 PM
  • is it possible it is failing because the PDC is server 2003 standard R2 and not 2003 enterprise
    Monday, December 31, 2012 4:29 PM
  • No that is not the problem. Manual schema upgrade is not required for 2012. That is integrated with DC deployment.

    Below ports should be opened  in all the DCs for AD/DNS.

    Service

    Port/protocol

    RPC endpoint   mapper

    135/tcp, 135/udp

    Network basic input/output   system (NetBIOS) name service

    137/tcp, 137/udp

    NetBIOS datagram   service

    138/udp

    NetBIOS session   service

    139/tcp

    RPC dynamic   assignment

    Win   2k/2003:1024-65535/tcp
      Win 2008+:49152-65535/tcp

    Server message   block (SMB) over IP (Microsoft-DS)

    445/tcp, 445/udp

    Lightweight   Directory Access Protocol (LDAP)

    389/tcp

    LDAP ping

    389/udp

    LDAP over SSL

    636/tcp

    Global catalog   LDAP

    3268/tcp

    Global catalog   LDAP over SSL

    3269/tcp

    Kerberos

    88/tcp, 88/udp

    Domain Name   Service (DNS)

    53/tcp1, 53/udp

    Use port query for that.

    http://www.microsoft.com/en-in/download/details.aspx?id=17148


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Tuesday, January 1, 2013 4:07 AM
  • is it possible it is failing because the PDC is server 2003 standard R2 and not 2003 enterprise

    Hi,

    Having PDC role on Win2003 std edition is not the problem.You are getting access is denied which seems to be permission issue.Verify the current logged on user is a member of Domain Admins Group, Enterprise Admins group and Schema Admins group.Also check the health of current DC by running dcdiag /q and repadmin /replsum and post the log if error is reported.

    Also add the NETWORK SERVICE as part of the SeServiceLogonRight ("Logon as a service") to the Default Domain Controllers policy if not added.

    Troubleshooting ADPREP Errors: http://blogs.technet.com/b/askds/archive/2008/12/15/troubleshooting-adprep-errors.aspx

    For Active Directory Firewall Ports - http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx

    Temporarly disable AV and windows firewall too 

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Tuesday, January 1, 2013 11:44 AM
  • this is part of the log file as you can see the problem is that

    [2013/01/02:11:55:44.290]
    Adprep could not retrieve data from the server AD01.NJ01.IMSTRANSPORT.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.297]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2013/01/02:11:55:44.318]
    Adprep failed while performing Exchange schema check.

    [Status/Consequence]

    The Active Directory Domain Services schema is not upgraded.

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.326]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    so what is causing this to not work??

    i am a enterprise/domain/schema admin so why is it not working?? i have all the rights i need so why wont it work???

    Wednesday, January 2, 2013 5:03 PM
  • i think the problem might be on the current PDC's configuration and not a configuration setting on the 2012
    • Marked as answer by 朱鸿文 Thursday, January 10, 2013 3:44 AM
    Wednesday, January 2, 2013 5:27 PM
  • see:
    ("Unable to perform Exchange schema conflict check" error, and prerequisites check fails) <o:p></o:p>

    Cheers,<o:p></o:p>


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <o:p></o:p>

    "bgreen-ims" wrote in message news:1f9cf852-86ea-4651-9968-61e02b11f490@communitybridge.codeplex.com...

    this is part of the log file as you can see the problem is that

    [2013/01/02:11:55:44.290]
    Adprep could not retrieve data from the server AD01.NJ01.IMSTRANSPORT.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.297]
    Adprep encountered a Win32 error.

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2013/01/02:11:55:44.318]
    Adprep failed while performing Exchange schema check.

    [Status/Consequence]

    The Active Directory Domain Services schema is not upgraded.

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.326]
    Adprep encountered a Win32 error.

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    so what is causing this to not work??

    i am a enterprise/domain/schema admin so why is it not working?? i have all the rights i need so why wont it work???


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    Wednesday, January 2, 2013 9:34 PM
    Moderator
  • see:
    ("Unable to perform Exchange schema conflict check" error, and prerequisites check fails) <o:p></o:p>

    Cheers,<o:p></o:p>


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <o:p></o:p>

    "bgreen-ims" wrote in message news:1f9cf852-86ea-4651-9968-61e02b11f490@communitybridge.codeplex.com...

    this is part of the log file as you can see the problem is that

    [2013/01/02:11:55:44.290]
    Adprep could not retrieve data from the server AD01.NJ01.IMSTRANSPORT.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.297]
    Adprep encountered a Win32 error.

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2013/01/02:11:55:44.318]
    Adprep failed while performing Exchange schema check.

    [Status/Consequence]

    The Active Directory Domain Services schema is not upgraded.

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.326]
    Adprep encountered a Win32 error.

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    so what is causing this to not work??

    i am a enterprise/domain/schema admin so why is it not working?? i have all the rights i need so why wont it work???


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    the problem with that one is that the error is 

    [2012/07/24:09:50:21.734]Adprep failed while performing Exchange schema check.[Status/Consequence]The Active Directory Domain Services schema is not upgraded.[User Action]Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20120724094831-test directory for possible cause of failure.[2012/07/24:09:50:21.734]Adprep encountered a Win32 error. Error code: 0x6ba Error message: The RPC server is unavailable.DSID Info:DSID: 0x1810012aHRESULT = 0x800706baNT BUILD: 8517

    and not

    Adprep could not retrieve data from the server AD01.NJ01.IMSTRANSPORT.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.297]
    Adprep encountered a Win32 error. 

    Error code: 0x5 Error message: Access is denied.

    Wednesday, January 2, 2013 9:46 PM
  • see:
    ("Unable to perform Exchange schema conflict check" error, and prerequisites check fails) <o:p></o:p>

    Cheers,<o:p></o:p>


    (HOPEFULLY THIS INFORMATION HELPS YOU!)
    Jorge de Almeida Pinto | MVP Identity & Access - Directory Services

    -------------------------------------------------------------------------------------------------------
    * This posting is provided "AS IS" with no warranties and confers no rights!
    * Always evaluate/test yourself before using/implementing this!
    * DISCLAIMER:
    http://jorgequestforknowledge.wordpress.com/disclaimer/
    -------------------------------------------------------------------------------------------------------
    ################# Jorge's Quest For Knowledge ###############
    ###### BLOG URL:
    http://JorgeQuestForKnowledge.wordpress.com/ #####
    #### RSS Feed URL:
    http://jorgequestforknowledge.wordpress.com/feed/ ####
    -------------------------------------------------------------------------------------------------------
    <o:p></o:p>

    "bgreen-ims" wrote in message news:1f9cf852-86ea-4651-9968-61e02b11f490@communitybridge.codeplex.com...

    this is part of the log file as you can see the problem is that

    [2013/01/02:11:55:44.290]
    Adprep could not retrieve data from the server AD01.NJ01.IMSTRANSPORT.COM through Windows Managment Instrumentation (WMI).

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.297]
    Adprep encountered a Win32 error.

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    [2013/01/02:11:55:44.318]
    Adprep failed while performing Exchange schema check.

    [Status/Consequence]

    The Active Directory Domain Services schema is not upgraded.

    [User Action]

    Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130102115541 directory for possible cause of failure.
    [2013/01/02:11:55:44.326]
    Adprep encountered a Win32 error.

    Error code: 0x5 Error message: Access is denied.


    DSID Info:
    DSID: 0x1810012a
    HRESULT = 0x80070005
    NT BUILD: 9200
    NT BUILD: 16384

    so what is causing this to not work??

    i am a enterprise/domain/schema admin so why is it not working?? i have all the rights i need so why wont it work???


    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant | BLOG: http://jorgequestforknowledge.wordpress.com/
    plus all that stuff has been done
    Wednesday, January 2, 2013 9:47 PM
  • i got it working all i had to do was install a server 2008 Domain Controller and then making the server 2012 a domain controller worked. now we are using 2 server 2012 Domain Controllers and no server 2003  domain controllers. also we removed the server 2008 DC and it still works fine so thank you all.
    • Marked as answer by bgreen-ims Tuesday, January 15, 2013 2:32 PM
    Tuesday, January 15, 2013 2:32 PM
  • I ran into this issue only my error was slightly different:

    Verification of Prerequisites for Active Directory Preparation Failed. Unable to perform schema conflict check for domain domain.com

    Exception: Initialization Failure.

    My fix was to move the FSMO roles onto a different 2003 domain controller, and re-run the forest prep on 2012.


    http://jaworskiblog.com


    • Proposed as answer by Scott Jaworski Wednesday, September 25, 2013 7:42 PM
    • Edited by Scott Jaworski Wednesday, September 25, 2013 7:43 PM typo
    Wednesday, September 25, 2013 7:42 PM
  • This solution worked for us as well. Prereq error was related to Exchange Schema.

    Moved 5 FSMO to secondary DC and Exchange server, passed.

    THANK YOU!

    Tuesday, December 31, 2013 10:01 PM