adprep /domainprep /gpprep fails
Hi, we are already running a Windows 2003 Server with Forest. Recently I set up a new Windows Server 2008 64bit and want to add the same in existing Forest as Domain Controller. The reason behind this is existing 2003 DC is not allowing us to login due to several problems. We have spent several weeks for fixing the same but yet no success hence we decided to add a new server as DC. And so we setup a new Server.
Now the problem am facing is as Server 2003 has gone invalid I’m no longer able promote the 2008 to dc. I thought if create a hyper-v virtual machine with 2003, transferring roles to the 2003 virtual machine, and running adprep from there will do the job. I did all these stuffs properly but I received some errors and problems. For example as soon as I ran forestprep, I don’t know why domainprep /gpprep gets failed. When I checked the logs, it says:
Adprep unable to update domain information.
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
Any help please?
Re: adprep /domainprep /gpprep fails
It sounds very complicated. Anyway, are you able to login in the old 2003 server? If yes, are you able to run the dcdiag and netdiag tools from MS Support Tools?
What is the result.
Re: adprep /domainprep /gpprep fails
As you said you are not able to login and neither able to promote an additional DC, most probably it is the permission issue. As far as i know both require domain admin permissions. The only thing i can suggest you is simply make the environment as healthy as possible. You can do it simply by installing a new HW/SW and kick out the old stuff completely.
RE: adprep /domainprep /gpprep fails
I appreciate your help T.J but to me it sounds like you didn’t understand the problem properly. I said my Old Server is not allowing us to login anymore. Its wpa is invalid. I even tried installing a separate Server 2003 on a Virtual Machine. I thought this will help me to run forestprep and domainprep but while trying to run the same it gives me error messages.
Re: adprep /domainprep /gpprep fails
For more info, here are the error logs
dcdiag results:
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\AT-6CE49F618025\netlogon) [AT-6CE49F618025] An net use or LsaPolicy operation failed with error 1 203, No network provider accepted the given network path..
......................... AT-6CE49F618025 failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\server-room.ambutrans.local, when we were trying to reach AT-6CE49F618025.
Server is not responding or is not considered suitable.
......................... AT-6CE49F618025 failed test Advertising
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
......................... AT-6CE49F618025 failed test frsevent
Re: adprep /domainprep /gpprep fails
OK, now I got it properly. Just try out the following steps and see if it works for you. You need to create a new Windows 2003 Domain Controller into the existing domain. Once done make it as GC and a DNS server as well. Once promoted, your domain should have two DCs including a healthy one and second unhealthy. Now start exporting stuff that are required from the healthy DC. After doing the same, Turn Off the UNhealthy DC, clean AD metadata of the UNhealhty DC and on the healthy DC seize ALL FSMO to the healthy DC.
You can also make use of the following commands from checking the health of the healthy DC:
- DCDIAG /C /D /V
- GPOTOOL /CheckAcl /Verbose
If everything is OK, then run the following commands:
- ADPREP /FORESTPREP
- ADPREP /RODCPREP (if you want to use RODCs, does not hurt if you do this!)
- ADPREP /DOMAINPREP /GPPREP
