My AD has only one DC which is using windows 2K3 STD SP2 . I want to add a windows 2k8 r2 DC.
But there is an error when i use the "adprep32 /forest" at the 2K3 SRV.
Here is some information about my error:
ADPREP WARNING:
Before running adprep, all Windows 2000 Active Directory Domain Controllers in the forest should be upgraded to Windows 2000 Service Pack 4 (SP4) or later.
[User Action]
If ALL your existing Windows 2000 Active Directory Domain Controllers meet this requirement, type C and then press ENTER to continue. Otherwise, type any other key and press ENTER to quit.
C
Adprep was unable to check the forest update status.
[Status/Consequence]
Adprep queries the directory to see if the forest has already been prepared. If the information is unavailable or unknown, Adprep proceeds without attempting this operation.
[User Action]
Restart Adprep and check the ADPrep.log file. Verify in the log file that this forest has already been successfully prepared.
Adprep encountered an LDAP error.
Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea'
.
When i run <dcdiag /V>, i got this message:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine
HKEAAD02, is a DC.
* Connecting to directory service on server HKEAAD02.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HKEAAD02
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... HKEAAD02 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HKEAAD02
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=hkea
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=hkea
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=hkea
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... HKEAAD02 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC HKEAAD02.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=hkea
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=hkea
(Configuration,Version 2)
* Security Permissions Check for
DC=hkea
(Domain,Version 2)
......................... HKEAAD02 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share
\\HKEAAD02\netlogon
Verified share
\\HKEAAD02\sysvol
......................... HKEAAD02 passed test NetLogons
Starting test: Advertising
The DC HKEAAD02 is advertising itself as a DC and having a DS.
The DC HKEAAD02 is advertising as an LDAP server
The DC HKEAAD02 is advertising as having a writeable directory
The DC HKEAAD02 is advertising as a Key Distribution Center
The DC HKEAAD02 is advertising as a time server
The DS HKEAAD02 is advertising as a GC.
......................... HKEAAD02 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings\0ADEL:d80d9383-1dc1-4bca-b58f-edc341d55522,CN=engineering\0ADEL:9a8ad145-5479-44c6-ba55-80af38884404,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Warning: CN=NTDS Settings\0ADEL:d80d9383-1dc1-4bca-b58f-edc341d55522,CN=engineering\0ADEL:9a8ad145-5479-44c6-ba55-80af38884404,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea is the Schema
Owner, but is deleted.
Role Domain Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Role PDC Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Role Rid Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Role Infrastructure Update Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
......................... HKEAAD02 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6606 to 1073741823
* HKEAAD02.hkea is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6106 to 6605
* rIDPreviousAllocationPool is 6106 to 6605
* rIDNextRID: 6114
......................... HKEAAD02 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC HKEAAD02 on DC HKEAAD02.
* SPN found :LDAP/HKEAAD02.hkea/hkea
* SPN found :LDAP/HKEAAD02.hkea
* SPN found :LDAP/HKEAAD02
* SPN found :LDAP/HKEAAD02.hkea/HKEA
* SPN found :LDAP/507a6c35-4f60-4691-a7a0-e63da0e93946._msdcs.hkea
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/507a6c35-4f60-4691-a7a0-e63da0e93946/hkea
* SPN found :HOST/HKEAAD02.hkea/hkea
* SPN found :HOST/HKEAAD02.hkea
* SPN found :HOST/HKEAAD02
* SPN found :HOST/HKEAAD02.hkea/HKEA
* SPN found :GC/HKEAAD02.hkea/hkea
......................... HKEAAD02 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... HKEAAD02 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
HKEAAD02 is in domain DC=hkea
Checking for CN=HKEAAD02,OU=Domain Controllers,DC=hkea in domain DC=hkea on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea in domain CN=Configuration,DC=hkea on 1 servers
Object is up-to-date on all servers.
......................... HKEAAD02 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service
SYSVOL ready test
File Replication Service's SYSVOL
is ready
......................... HKEAAD02 passed test frssysvol
Starting test: frsevent
* The File Replication Service
Event log test
......................... HKEAAD02 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... HKEAAD02 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... HKEAAD02 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference
(serverReference)
CN=HKEAAD02,OU=Domain Controllers,DC=hkea
and backlink on
CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
are correct.
The system object reference
(frsComputerReferenceBL)
CN=HKEAAD02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hkea
and backlink on
CN=HKEAAD02,OU=Domain Controllers,DC=hkea
are correct.
The system object reference
(serverReferenceBL)
CN=HKEAAD02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hkea
and backlink on
CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
are correct.
......................... HKEAAD02 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : hkea
Starting test: CrossRefValidation
......................... hkea passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... hkea passed test CheckSDRefDom
Running enterprise tests on : hkea
Starting test: Intersite
Skipping site
Default-First-Site-Name, this site
is outside the scope provided by
the command line arguments
provided.
Skipping site HKEASITE01, this
site is outside the scope provided
by the command line arguments
provided.
......................... hkea passed test Intersite
Starting test: FsmoCheck
GC Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
PDC Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
Time Server Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
Preferred Time Server Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
KDC Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
......................... hkea passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine
HKEAAD02, is a DC.
* Connecting to directory service on server HKEAAD02.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HKEAAD02
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... HKEAAD02 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HKEAAD02
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=hkea
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
CN=Configuration,DC=hkea
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
DC=hkea
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency
information (Win2K DC).
* Replication Site Latency Check
......................... HKEAAD02 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC HKEAAD02.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=hkea
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=hkea
(Configuration,Version 2)
* Security Permissions Check for
DC=hkea
(Domain,Version 2)
......................... HKEAAD02 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share
\\HKEAAD02\netlogon
Verified share
\\HKEAAD02\sysvol
......................... HKEAAD02 passed test NetLogons
Starting test: Advertising
The DC HKEAAD02 is advertising itself as a DC and having a DS.
The DC HKEAAD02 is advertising as an LDAP server
The DC HKEAAD02 is advertising as having a writeable directory
The DC HKEAAD02 is advertising as a Key Distribution Center
The DC HKEAAD02 is advertising as a time server
The DS HKEAAD02 is advertising as a GC.
......................... HKEAAD02 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings\0ADEL:d80d9383-1dc1-4bca-b58f-edc341d55522,CN=engineering\0ADEL:9a8ad145-5479-44c6-ba55-80af38884404,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Warning: CN=NTDS Settings\0ADEL:d80d9383-1dc1-4bca-b58f-edc341d55522,CN=engineering\0ADEL:9a8ad145-5479-44c6-ba55-80af38884404,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea is the Schema
Owner, but is deleted.
Role Domain Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Role PDC Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Role Rid Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
Role Infrastructure Update Owner = CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
......................... HKEAAD02 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6606 to 1073741823
* HKEAAD02.hkea is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6106 to 6605
* rIDPreviousAllocationPool is 6106 to 6605
* rIDNextRID: 6114
......................... HKEAAD02 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC HKEAAD02 on DC HKEAAD02.
* SPN found :LDAP/HKEAAD02.hkea/hkea
* SPN found :LDAP/HKEAAD02.hkea
* SPN found :LDAP/HKEAAD02
* SPN found :LDAP/HKEAAD02.hkea/HKEA
* SPN found :LDAP/507a6c35-4f60-4691-a7a0-e63da0e93946._msdcs.hkea
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/507a6c35-4f60-4691-a7a0-e63da0e93946/hkea
* SPN found :HOST/HKEAAD02.hkea/hkea
* SPN found :HOST/HKEAAD02.hkea
* SPN found :HOST/HKEAAD02
* SPN found :HOST/HKEAAD02.hkea/HKEA
* SPN found :GC/HKEAAD02.hkea/hkea
......................... HKEAAD02 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... HKEAAD02 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
HKEAAD02 is in domain DC=hkea
Checking for CN=HKEAAD02,OU=Domain Controllers,DC=hkea in domain DC=hkea on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea in domain CN=Configuration,DC=hkea on 1 servers
Object is up-to-date on all servers.
......................... HKEAAD02 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service
SYSVOL ready test
File Replication Service's SYSVOL
is ready
......................... HKEAAD02 passed test frssysvol
Starting test: frsevent
* The File Replication Service
Event log test
......................... HKEAAD02 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... HKEAAD02 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... HKEAAD02 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference
(serverReference)
CN=HKEAAD02,OU=Domain Controllers,DC=hkea
and backlink on
CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
are correct.
The system object reference
(frsComputerReferenceBL)
CN=HKEAAD02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hkea
and backlink on
CN=HKEAAD02,OU=Domain Controllers,DC=hkea
are correct.
The system object reference
(serverReferenceBL)
CN=HKEAAD02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hkea
and backlink on
CN=NTDS Settings,CN=HKEAAD02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hkea
are correct.
......................... HKEAAD02 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : hkea
Starting test: CrossRefValidation
......................... hkea passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... hkea passed test CheckSDRefDom
Running enterprise tests on : hkea
Starting test: Intersite
Skipping site
Default-First-Site-Name, this site
is outside the scope provided by
the command line arguments
provided.
Skipping site HKEASITE01, this
site is outside the scope provided
by the command line arguments
provided.
......................... hkea passed test Intersite
Starting test: FsmoCheck
GC Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
PDC Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
Time Server Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
Preferred Time Server Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
KDC Name:
\\HKEAAD02.hkea
Locator Flags: 0xe00003fd
......................... hkea passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS