need urgent help with AD upgrade

Dhaval Brahmbhatt

Hi there,

I am in need of urgent help.

I am not very familiar with Active Directory. I know very basic stuff about
AD. (You might wonder then why I am using it, but that's a different story.)

Now, basically we have one main server, the only one on our network. Windows
2000 server, all patches, SP4, Exchange 2000 SP3. Also, all other
applications installed on this same server.


Now, for testing, one of my colleagues installed another Windows 2000 server
on a PC for making it as a test server for Citrix. But he joined it to the
domain and made it domain controller, so obviously, AD replication is
required between the main server and citrix server. Now, just after
installation of this new Domain Controller, we took it off the network. But
the entry of that PC was still there in the Domain Controllers OU, which is
normal. The main server just thinks, and as it is, the second domain
controller is now offline.

Now, after this (install of second DC) only, we have seen very weird
behaviour on the network. Two of the PCs have gone mad. We just can't make
the PC to talk to the domain. No domain users can be added to the local
administrator group, even if you are logged in as the local administrator.

But the main issue is here. We have just purchased a very high spec server
and we want to install windows 2003 on this new server, but this new server
will join the existing domain hosted by the main windows 2000 server. This
requires the windows 2000 domain to be upgraded to Windows 2003 domain,
basically, we need to run "adprep /forestprep" and "adprep /domainprep" on
the main server because we need to prepare the forest as well as domain for
windows 2003 and we need to update the schema for that and that is what
these commands do, as I believe. Obviously this command I ran from the CD of
Windows 2003.

When I do forestprep on the main windows 2000 DC, I get an error. I have
attached the two log files which the error message asks me to look for more
information. I searched the TechNet, Google etc, but can't find what is
wrong. I thought the second DC might have caused the problem and I removed
it from the domain controllers OU, with saying OK to the warnings that it
contains other object and they will be deleted as well. Even the removal of
the second DC has also not made any difference.

Also, as everyone does, I wanted to run the dcdiag.exe utility before I can
do the forestprep, but the dcdiag.exe also gives me an error saying Entry
point not found in ntdsapi.dll. I looked up on the web and found that the
version of the admin tools and the dll file is not matching. I installed
them using adminpak.msi file from various sources like the windows 2000
server CD, from SP4 extract, download of the Microsoft website, but same
error.

I tried running it from a workstation, but that too returned an error saying
LDAP can't bind to something.

I overall think that I need to first find the problems with my AD and then
repair them before I can go ahead with my new server.

We had planned this over the Christmas, but because of these problems, we
are now running out of time, please help.

Dhaval
 
Did you remove the Citrix machine from the domain per HOW TO: Remove Data in
Active Directory After an Unsuccessful Domain Controller Demotion?

After you take care of that, could you please send the output from HOW TO:
Find Servers That Hold Flexible Single Master Operations Roles


--
--
Brian Desmond
Windows Server MVP
(e-mail address removed)12.il.us

Http://www.briandesmond.com
 
When you took the Citrix box off the network, did you just take it off or
did you dcpromo it out? That is key to fixing. Second, if you didn't
purchase Citrix yet...try my AppLauncher and you will be able to save a few
thousand dollars for the same solution.

--
Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com
 
After SP4 for Windows 2000 and in Windows Server 2003, to be able to
transfer or seize the FSMO roles you have to be able to synchronize changes
with all other domain controllers. Since the other DC is still in AD but
not available that requirement is failing.

As recommended by Brian Desmond in an earlier post, remove the other DC's
metadata from AD using ntdsutil. The knowledge base article number that
goes with the title he mentioned for metadata cleanup is 216498.

After you've done that, run "repadmin /showreps" (without quotations) to
ensure that you are not seeing any replication failures (since this is the
only dc there should be no replication partners).

If replication is not a problem and it still fails also check the option
"The Schema may be modified on this Domain Controller" using
the Schema Manager Snap-in.
1. Click Start, point to Programs, point to Administrative Tools, and then
click Schema Manager.
2. Right-click Active Directory Schema, and then click Operations Master.
3. Click "The Schema may be modified on this domain controller".

The following kb article may also prove useful to you:
325379 How to Upgrade Windows 2000 Domain Controllers to Windows Server 2003
http://support.microsoft.com/?id=325379

The following article may be David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Dhaval Brahmbhatt" <[email protected]>
| Subject: need urgent help with AD upgrade
| Date: Tue, 30 Dec 2003 23:42:33 -0000
| Newsgroups: microsoft.public.active.directory.interfaces,microsoft.public.win2000.active_directory,microsoft.public.windows.server.active_directory
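
The check described in the reply above (after metadata cleanup, a single-DC domain should show no replication partners in "repadmin /showreps") can be automated over saved output. This is an added example, not part of the original thread; the host names MAINSRV and CITRIXTEST, the domain example.local, and the output layout are constructed assumptions.

```python
import re

# Constructed samples of "repadmin /showreps" output (not from the thread);
# the layout is assumed from typical Windows 2000/2003 output.
SAMPLE_STALE = """\
Default-First-Site-Name\\MAINSRV
DSA Options : IS_GC
objectGuid  : 11111111-1111-1111-1111-111111111111

==== INBOUND NEIGHBORS ======================================

DC=example,DC=local
    Default-First-Site-Name\\CITRIXTEST via RPC
        objectGuid: 22222222-2222-2222-2222-222222222222
        Last attempt @ 2003-12-30 22:15.07 failed, result 1722:
            The RPC server is unavailable.
        Last success @ 2003-12-20 09:02.41.
"""

SAMPLE_CLEAN = """\
Default-First-Site-Name\\MAINSRV
DSA Options : IS_GC
objectGuid  : 11111111-1111-1111-1111-111111111111
"""

NAMING_CONTEXT = re.compile(r"^(?:DC|CN)=")
NEIGHBOR = re.compile(r"^\s+(\S+)\\(\S+) via (?:RPC|SMTP)\s*$")
FAILED = re.compile(r"Last attempt @ .* failed, result (\d+)")

def replication_partners(text):
    """List every partner DC the output still references, with its last error."""
    partners, nc = [], None
    for line in text.splitlines():
        if NAMING_CONTEXT.match(line):
            nc = line.strip()            # partition the following neighbors belong to
            continue
        m = NEIGHBOR.match(line)
        if m:
            partners.append({"server": m.group(2), "naming_context": nc,
                             "last_error": None})
            continue
        m = FAILED.search(line)
        if m and partners:
            partners[-1]["last_error"] = int(m.group(1))  # Win32 error code
    return partners

def ready_for_forestprep(text):
    """In a single-DC domain, any remaining partner means leftover DC metadata."""
    return not replication_partners(text)
```
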
 