are you by any chance trying to promote a R2 DC? If yes, use ADPREP from the SECOND CD from the R2 distribution set Met vriendelijke groeten / Kind regards, Ing. Jorge de Almeida Pinto Senior Infrastructure Consultant MVP Windows Server - Directory Services LogicaCMG Nederland B.V. (BU RTINC Eindhoven) ( Tel : +31-(0)40-29.57.777 ( Mobile : +31-(0)6-26.26.62.80 * E-mail : <see sender address>
________________________________ From: [EMAIL PROTECTED] on behalf of Steve Egan (Temp) Sent: Thu 2006-10-05 22:25 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Major screwup on AD for my company - Can't install AD on remote server now I'm the System/Network Engineer for Purcell Systems, and I'm afraid I've "screwed the pooch" on my network. Here's how: Shut down an antiquated FTP server after transferring files to the "new" FTP server. The old one's OS was Win2K, the new one is Win2003. I *did not* do anything to AD at the time this occurred. A day before I started working here (8/8/06) the server in Sweden was rebuilt by a local consultant. Hardware failure. He rebuilt from bare metal, and set up the DNS and AD incorrectly. The end result was a server sitting in its own domain. DNS was somehow told to replicate to the server, and was working fine. I next tried to put/rename/move the Sweden server into the Purcell.com domain. Oops, have to "upgrade" out of Win2000 mixed mode. No problem, I'll just transfer the AD, DNS, and PDC to a "master" machine running Win2003 and have lotsa machines (okay, one or two) running as PDCs and alternate DNS and AD, right? Here's where the pooch got this way - I'm a n00b when it comes to AD, and somehow in the "transfer" of functions I've messed up the domain something fierce. AD and DNS work just fine (replicate) on the USA and Poland servers, but I tried "upgrading" the Sweden server to the forest and things got cranky - it wouldn't upgrade because it swore up and down that the domain was still in pre-Win2003 mode. In frustration, I tore down DNS and AD on the Sweden server, and rebuilt them - not an easy task by remote control... The DNS rebuilt just peachy on the Sweden server, but when I go to install AD on it, it tells me that the domain ain't ready for prime time - I have to run adprep on the domain. I ran adprep the first time, and everything appeared to work just fine. Subsequent attempts are rebuffed - I've already prepared the domain, it tells me. The Sweden server just refuses to accept that the AD in the domain is Win2003 mode. I've checked - it's mode 2 on all the AD machines. The necessary containers for a Win2003 AD have been built! SOMEthing is preventing the ADPREP from executing properly. Here's a partial log entry from the Sweden server (adprep.log?): ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 10/05 01:34:26 [INFO] Searching for a domain controller for the domain PURCELLSYSTEMS.COM that contains the account PURCELLABSWE$10/05 01:34:27 [INFO] Located domain controller FTP1.PURCELLSYSTEMS.COM for domain PURCELLSYSTEMS.COM10/05 01:34:27 [INFO] Using site PURCELLSYSTEMS for server \\FTP1.PURCELLSYSTEMS.COM10/05 01:34:27 [INFO] Forcing time sync 10/05 01:34:27 [INFO] Forcing a time synch with \\FTP1.PURCELLSYSTEMS.COM10/05 01:34:29 [ERROR] Failed to get the current time on \\FTP1.PURCELLSYSTEMS.COM: 5 10/05 01:34:29 [ERROR] NON-FATAL error forcing a time sync (5). Ignoring 10/05 01:34:32 [INFO] Stopping service NETLOGON10/05 01:34:32 [INFO] Stopping service NETLOGON10/05 01:35:32 [INFO] Configuring service NETLOGON to 1 returned 0 10/05 01:35:32 [INFO] Stopped NETLOGON 10/05 01:35:32 [INFO] Deleting current sysvol path C:\WINDOWS\SYSVOL 10/05 01:35:36 [INFO] Created system volume path 10/05 01:35:36 [INFO] Copying initial Directory Service database file C:\WINDOWS\system32\ntds.dit to C:\WINDOWS\NTDS\ntds.dit10/05 01:35:36 [INFO] Installing the Directory Service10/05 01:35:36 [INFO] Calling NtdsInstall for PURCELLSYSTEMS.COM 10/05 01:35:36 [INFO] Starting Active Directory installation 10/05 01:35:36 [INFO] Validating user supplied options 10/05 01:35:36 [INFO] Determining a site in which to install 10/05 01:35:36 [INFO] Examining an existing Active Directory forest 10/05 01:35:40 [INFO] Error - The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help. (8467) 10/05 01:35:40 [INFO] NtdsInstall for PURCELLSYSTEMS.COM returned 8467 10/05 01:35:40 [INFO] DsRolepInstallDs returned 8467 10/05 01:35:40 [ERROR] Failed to install to Directory Service (8467) 10/05 01:35:49 [INFO] Starting service NETLOGON10/05 01:35:49 [INFO] Configuring service NETLOGON to 2 returned 0 10/05 01:35:49 [INFO] The attempted domain controller operation has completed10/05 01:35:49 [INFO] DsRolepSetOperationDone returned 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Oh crap. Now what? Ideas? Steve Egan Purcell Systems System/Network Administrator desk 509 755-0341 x110 cell 509 475-7682 fax 509 755-0345 List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
