# How to add a new Windows 2003 domain controller from existing Windows 2000 server



## jinnyjonn (Oct 16, 2007)

Hi all,

I have a new server with Windows 2003 R2 Standard Ed. and I would like to add it as a new domain controller to the existing Windows 2000 Server domain. I did use dcpromo to make my new server a domain controller; however, I have encountered errors:

_The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help._

_The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer._

Please do help me in my migration because we will be using this server for another purpose with a 2003 system. Any tips will be helpful.

thanks,


----------



## bilbus (Aug 29, 2006)

You need to prep the domain and forest before you can install a newer version of Active Directory on a down-level domain.

Google domain prep and forest prep.


----------



## jinnyjonn (Oct 16, 2007)

I first did forest prep; however, I've encountered errors on the last part. Here's the log:

Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=4444c516-f43a-4c12-9c4b-b5c064941d61,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=smsictb,DC=com.



LDAP API ldap_search_s() finished, return code is 0x20 



Adprep verified the state of operation cn=4444c516-f43a-4c12-9c4b-b5c064941d61,cn=Operations,cn=ForestUpdates,CN=Configuration,DC=smsictb,DC=com. 

[Status/Consequence]

The operation has not run or is not currently running. It will be run next.



Adprep was unable to complete because the call back function (null) failed. 

[Status/Consequence]

Error message: Error(110) while running ""C:\WINNT\system32\LDIFde.exe" -o ObjectGuid -d "CN=DS-UI-Default-Settings,CN=406,CN=DisplaySpecifiers,CN=Configuration,DC=smsictb,DC=com" -u -f "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TMP7B.tmp" -j "C:\WINNT\system32\debug\adprep\logs\20090113144622" -s ctb-dns.smsictb.com". Could not move file C:\WINNT\system32\debug\adprep\logs\20090113144622\LDIF.err to C:\WINNT\system32\debug\adprep\logs\20090113144622\DisplaySpecifierUpgradeLdifError.001.txt. The system cannot find the file specified.

(0x80070002).

[User Action] 

Check the log file Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20090113144622 directory for more information.



Adprep was unable to update forest-wide information. 

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20090113144622 directory for more information. 

Hope this would help.


----------



## bilbus (Aug 29, 2006)

Did you run it with an account that was a schema admin?

Use your domain\administrator account.

Have you ever manually modified the schema before?

Is the 2000 server on SP4? It must be for you to add a 2003 server as a DC.

Is the schema master online? Run dcdiag /v to check. You need the support tools installed to run that command.

All role holders should be online; if not, then you will have issues.

......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=domain,C
N=Sites,CN=Configuration,DC=domain,DC=com

Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=domain,C
N=Sites,CN=Configuration,DC=domain,DC=com

Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=com

Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=domain,CN=S
ites,CN=Configuration,DC=domain,DC=com

Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Server
s,CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=com

......................... DC1 passed test KnowsOfRoleHolders


----------



## jinnyjonn (Oct 16, 2007)

Yes, I am using it with schema admin with all the administrator rights. Haven't manually modified the schema before? How?
It is on SP4. I think I am using the schema master. How will I know if all role holders are online?
I did run the forestprep; now I encounter some errors. Here's the log:

Adprep was unable to complete because the call back function (null) failed. 

[Status/Consequence]

Error message: Error(110) while running ""C:\WINNT\system32\LDIFde.exe" -o ObjectGuid -d "CN=organizationalUnit-Display,CN=404,CN=DisplaySpecifiers,CN=Configuration,DC=smsictb,DC=com" -u -f "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TMPDB.tmp" -j "C:\WINNT\system32\debug\adprep\logs\20090117230651" -s ctb-dns.smsictb.com". Could not move file C:\WINNT\system32\debug\adprep\logs\20090117230651\LDIF.err to C:\WINNT\system32\debug\adprep\logs\20090117230651\DisplaySpecifierUpgradeLdifError.001.txt. The system cannot find the file specified.

(0x80070002).

[User Action] 

Check the log file Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20090117230651 directory for more information.



Adprep was unable to update forest-wide information. 

[Status/Consequence]

Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.

[User Action]

Check the log file, Adprep.log, in the C:\WINNT\system32\debug\adprep\logs\20090117230651 directory for more information. 

Hope these details will help,
really need to resolve these issues as soon as possible.

thanks,


----------



## bilbus (Aug 29, 2006)

You did not run dcdiag /v. Run that and output the results.

Forest prep ran correctly, or failed?

Did you run domain prep after?

Are you following the checklist in setup?


----------



## jinnyjonn (Oct 16, 2007)

Here's the output from dcdiag:

smsictb.com
is not registered on one or more DNS servers.
REPLICATION LATENCY WARNING
CTB-DNS: A full synchronization is in progress
from CTB-UAT to CTB-DNS
Replication of new changes along this path will be delayed.
[CTB-UAT] LDAP connection failed with error 58,
The specified server cannot perform the requested operation..
[Replications Check,CTB-DNS] A recent replication attempt failed:
From DEVELOPER to CTB-DNS
Naming Context: DC=smsictb,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
The failure occurred at 2009-01-19 13:47.50.
The last success occurred at 2009-01-17 23:47.46.
38 failures have occurred since the last success.
The guid-based DNS name 43917d02-c935-477e-9bf1-f570bbb87330._msdcs.
smsictb.com
is not registered on one or more DNS servers.
......................... CTB-DNS passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=smsictb,DC=com
* Security Permissions Check for
CN=Configuration,DC=smsictb,DC=com
* Security Permissions Check for
DC=smsictb,DC=com
......................... CTB-DNS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... CTB-DNS passed test NetLogons
Starting test: Advertising
The DC CTB-DNS is advertising itself as a DC and having a DS.
The DC CTB-DNS is advertising as an LDAP server
The DC CTB-DNS is advertising as having a writeable directory
The DC CTB-DNS is advertising as a Key Distribution Center
The DC CTB-DNS is advertising as a time server
The DS CTB-DNS is advertising as a GC.
......................... CTB-DNS passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
Role Domain Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
Role PDC Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
Role Rid Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
......................... CTB-DNS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3103 to 1073741823
* ctb-dns.smsictb.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDNextRID: 1256
* rIDPreviousAllocationPool is 1103 to 1602
......................... CTB-DNS passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/ctb-dns.smsictb.com/smsictb.com
* SPN found :LDAP/ctb-dns.smsictb.com
* SPN found :LDAP/CTB-DNS
* SPN found :LDAP/ctb-dns.smsictb.com/SMSICTB
* SPN found :LDAP/675024e2-6025-437f-9eef-017c358290a6._msdcs.smsictb.c
om
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/675024e2-6025-437f-9e
ef-017c358290a6/smsictb.com
* SPN found :HOST/ctb-dns.smsictb.com/smsictb.com
* SPN found :HOST/ctb-dns.smsictb.com
* SPN found :HOST/CTB-DNS
* SPN found :HOST/ctb-dns.smsictb.com/SMSICTB
* SPN found :GC/ctb-dns.smsictb.com/smsictb.com
......................... CTB-DNS passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
Could not open IISADMIN Service on [CTB-DNS]:failed with 1060: The s
pecified service does not exist as an installed service.
* Checking Service: NtFrs
Could not open SMTPSVC Service on [CTB-DNS]:failed with 1060: The sp
ecified service does not exist as an installed service.
......................... CTB-DNS failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
CTB-DNS is in domain DC=smsictb,DC=com
Checking for CN=CTB-DNS,OU=Domain Controllers,DC=smsictb,DC=com in doma
in DC=smsictb,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com in domain CN=Configuration,D
C=smsictb,DC=com on 1 servers
Object is up-to-date on all servers.
......................... CTB-DNS passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/14/2009 07:26:41
Event String: The File Replication Service is having trouble
enabling replication from CPCF to CTB-DNS for
c:\winnt\sysvol\domain using the DNS name
cpcf.smsictb.com. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
cpcf.smsictb.com from this computer.
[2] FRS is not running on cpcf.smsictb.com.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/14/2009 07:26:42
Event String: The File Replication Service is having trouble
enabling replication from CTB-UAT to CTB-DNS for
c:\winnt\sysvol\domain using the DNS name
CTB-UAT.smsictb.com. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
CTB-UAT.smsictb.com from this computer.
[2] FRS is not running on CTB-UAT.smsictb.com.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/14/2009 07:27:50
Event String: The File Replication Service is having trouble
enabling replication from DEVELOPER to CTB-DNS
for c:\winnt\sysvol\domain using the DNS name
developer.smsictb.com. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
developer.smsictb.com from this computer.
[2] FRS is not running on developer.smsictb.com.

[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C5
Time Generated: 01/14/2009 07:36:02
Event String: The File Replication Service has enabled
replication from CPCF to CTB-DNS for
c:\winnt\sysvol\domain after repeated retries.
An Warning Event occured. EventID: 0x800034C5
Time Generated: 01/14/2009 14:47:10
Event String: The File Replication Service has enabled
replication from DEVELOPER to CTB-DNS for
c:\winnt\sysvol\domain after repeated retries.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/15/2009 09:04:38
Event String: The File Replication Service is having trouble
enabling replication from CTB-UAT to CTB-DNS for
c:\winnt\sysvol\domain using the DNS name
CTB-UAT.smsictb.com. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
CTB-UAT.smsictb.com from this computer.
[2] FRS is not running on CTB-UAT.smsictb.com.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/16/2009 10:40:57
Event String: The File Replication Service is having trouble
enabling replication from CTB-UAT to CTB-DNS for
c:\winnt\sysvol\domain using the DNS name
CTB-UAT.smsictb.com. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
CTB-UAT.smsictb.com from this computer.
[2] FRS is not running on CTB-UAT.smsictb.com.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/17/2009 14:00:16
Event String: The File Replication Service is having trouble
enabling replication from CTB-UAT to CTB-DNS for
c:\winnt\sysvol\domain using the DNS name
CTB-UAT.smsictb.com. FRS will keep retrying.
Following are some of the reasons you would see
this warning.

[1] FRS can not correctly resolve the DNS name
CTB-UAT.smsictb.com from this computer.
[2] FRS is not running on CTB-UAT.smsictb.com.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.

This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 01/17/2009 17:26:17
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller ctb-dns.smsictb.com
for FRS replica set configuration information.


The nTFRSMember object cn=ctb-uat,cn=domain system volume (sysvol share),cn=file
replication service,cn=system,dc=smsictb,dc=com has a invalid value for the att
ribute frsComputerReference.




An Warning Event occured. EventID: 0x800034FA
Time Generated: 01/18/2009 17:26:42
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller ctb-dns.smsictb.com
for FRS replica set configuration information.


The nTFRSMember object cn=ctb-uat,cn=domain system volume (sysvol share),cn=file
replication service,cn=system,dc=smsictb,dc=com has a invalid value for the att
ribute frsComputerReference.




......................... CTB-DNS passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... CTB-DNS passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... CTB-DNS passed test systemlog

Running enterprise tests on : smsictb.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... smsictb.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\ctb-dns.smsictb.com
Locator Flags: 0xe00001fd
PDC Name: \\ctb-dns.smsictb.com
Locator Flags: 0xe00001fd
Time Server Name: \\ctb-dns.smsictb.com
Locator Flags: 0xe00001fd



Forest prep failed. I did not run domain prep since I have to run the forest prep correctly first.
What checklist are you referring to?

thanks


----------



## bilbus (Aug 29, 2006)

Sounds like DNS; post ipconfig /all on both DCs.
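
Added example (not part of any post in this thread): a Python triage of dcdiag output like the one posted above, pulling out failed tests, FSMO role holders, replication errors and unregistered DNS names. The `triage` function and the `SAMPLE` excerpt are constructed for illustration, and the regular expressions assume the message wording seen in this thread's output.

```python
import re

# Constructed sample: lines excerpted from the dcdiag output posted in this
# thread, keeping the console's mid-word wraps ("failu" / "re.").
SAMPLE = """\
[Replications Check,CTB-DNS] A recent replication attempt failed:
From DEVELOPER to CTB-DNS
Naming Context: DC=smsictb,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failu
re.
38 failures have occurred since the last success.
The guid-based DNS name 43917d02-c935-477e-9bf1-f570bbb87330._msdcs.
smsictb.com
is not registered on one or more DNS servers.
......................... CTB-DNS passed test Replications
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
Role PDC Owner = CN=NTDS Settings,CN=CTB-DNS,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=smsictb,DC=com
......................... CTB-DNS passed test KnowsOfRoleHolders
Could not open IISADMIN Service on [CTB-DNS]:failed with 1060: The s
pecified service does not exist as an installed service.
......................... CTB-DNS failed test Services
"""

def triage(output):
    """Summarise dcdiag text: verdicts, FSMO holders, replication and DNS faults."""
    flat = output.replace("\n", "")  # undo console wraps for mid-word matches
    tests = {test: verdict for _srv, verdict, test in re.findall(
        r"^\.{5,} (\S+) (passed|failed) test (\w+)", output, re.M)}
    roles = dict(re.findall(
        r"Role ([A-Za-z ]+?) Owner = CN=NTDS Settings,CN=([^,]+),", flat))
    # Source DC, destination DC and error code of each failed replication attempt.
    repl = re.findall(
        r"^From (\S+) to (\S+)$.*?generated an error \((\d+)\)", output, re.M | re.S)
    unregistered = re.findall(
        r"DNS name ([0-9a-f-]{36}\._msdcs\.\S+?)is not registered", flat)
    return {
        "failed_tests": sorted(t for t, v in tests.items() if v == "failed"),
        "role_holders": roles,
        "replication_errors": repl,
        "unregistered_dns": unregistered,
        # A "passed" Replications verdict can still hide DNS-caused failures.
        "dns_suspect": bool(unregistered) or "DNS lookup failure" in flat,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
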


----------

