adprep /domainprep /gpprep fails

Years later I stumbled upon this while googling, and I see that I neglected to inform you all of my solution!

I used the task sceheduling service to remotely to execute the commands I couldn't execute locally. Finally I got that old DC off the network, and life there've been no issues since (3 years later).

> On Monday, June 23, 2008 7:41 PM rygu wrote:

> Hey there, thanks for reading my question. I am having problems adding a new
> Server 2008 x64 as domain controller in an existing 2003 forest.
>
> The entire situation is a bit embaressing, so I should tell you ahead of
> time that I am new to IT, and I've likely made mistakes. Please bear with me.
>
> We have an old 2003 server that functioned as dc. It is not valid, and we
> can no longer log into it. (I should mention that I do no support piracy, and
> as such, have worked very hard to bring everything here to a professional
> level)
>
> We have invested in a brand new 2008 server which I want to replace the 2003
> completely. The 2003 is an old unreliable computer, and I do not want it
> performing any domain level function anymore.
>
> Since I cannot log into the old 2003 to run adprep, I can't promote the 2008
> to dc. My idea to work around this was create a hyper-v virtual machine with
> 2003, transfer roles to the 2003 virtual machine, and run adprep from there.
> I did this, but am stuck with a couple differant issues:
>
> 1) After forestprep succeeded, domainprep /gpprep fails
> log says
> Adprep unable to update domain information
> Adprep requires access to existing domain-wide information from the
> infrastructure master in order to complete this operation.
>
> notes:
> -I made sure the sysvol reg key is correct
> -this virtual machine dc is infrastructure master, as well as all other fsmo
> roles
>
> 2) Ignoring this error, I attempted to use dcpromo on 2008 anyway, however
> warnings that I do not understand convinced me not to continue without asking
> for help. The warning I received says: A delegation for this DNS server
> cannot be created because the authoritative parent zone cannot be found or it
> does not run Windows DNS server. To enable reliable DNS name resolution from
> outside the domain *FQDN*, you should create a delegation to this DNS server
> manually in the parent zone. Do you want to continue?
>
> What do I do now???? The old 2003 is still running, serving up dc, and now
> I've got a virtual machine 2003 running as another, neither of which are
> valid, and I need to get rid of, and 2008 sitting here, just waiting to get a
> peice of the action.
>
> Any help is well appreciated! Thanks


>> On Tuesday, June 24, 2008 5:12 AM Jorge Silva wrote:

>> Hi
>>
>> Can you login in the old server and run the dcdiag and netdiag tools from MS
>> Support Tools?
>>
>> --
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MCSE, MVP Directory Services


>>> On Tuesday, June 24, 2008 6:21 AM Jorge de Almeida Pinto [MVP - DS] wrote:

>>> why are you not able to logon to the DC, but you are able to promote an
>>> additional DC? Both require domain admin permissions, so that is kinda
>>> strange to me
>>>
>>> I would make the environment as healthy as possible, install new HW/SW and
>>> kick out the old stuff
>>>
>>> --
>>>
>>> Cheers,
>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>
>>>
>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>> ------------------------------------------------------------------------------------------
>>> * How to ask a question --> http://support.microsoft.com/?id=555375
>>> ------------------------------------------------------------------------------------------
>>> * This posting is provided "AS IS" with no warranties and confers no rights!
>>> * Always test ANY suggestion in a test environment before implementing!
>>> ------------------------------------------------------------------------------------------
>>> ------------------------------------------------------------------------------------------
>>> "ryguy" <> wrote in message
>>> news:9DE93F37-E359-4D27-91AF-...


>>>> On Tuesday, June 24, 2008 11:59 AM Rygu wrote:

>>>> Thank you Jorge, but I do not believe you understood me completely, so I will
>>>> clarify.
>>>>
>>>> I cannot log into the desktop of the original DC because wpa is invalid. To
>>>> work around this I installed another 2003 server as a virtual machine on
>>>> another computer to run forestprep and domainprep. But domainprep produced
>>>> errors.
>>>>
>>>> I can use this virtual machine to do anything now, but errors are occuring.
>>>> I need assitance with the errors that I listed in the original message re:
>>>> domainprep. The errors are what I need help with now. I have access to a DC
>>>> to perform the required steps.


>>>>> On Tuesday, June 24, 2008 12:18 PM Rygu wrote:

>>>>> dcdiag results:
>>>>> Starting test: NetLogons
>>>>> Unable to connect to the NETLOGON share! (\\AT-6CE49F618025\netlogon)
>>>>> [AT-6CE49F618025] An net use or LsaPolicy operation failed with
>>>>> error 1
>>>>> 203, No network provider accepted the given network path..
>>>>> ......................... AT-6CE49F618025 failed test NetLogons
>>>>> Starting test: Advertising
>>>>> Warning: DsGetDcName returned information for
>>>>> \\server-room.ambutrans.l
>>>>> ocal, when we were trying to reach AT-6CE49F618025.
>>>>> Server is not responding or is not considered suitable.
>>>>> ......................... AT-6CE49F618025 failed test Advertising
>>>>>
>>>>> Starting test: frsevent
>>>>> There are warning or error events within the last 24 hours after the
>>>>> SYSVOL has been shared. Failing SYSVOL replication problems may
>>>>> cause
>>>>> Group Policy problems.
>>>>> ......................... AT-6CE49F618025 failed test frsevent
>>>>>
>>>>>
>>>>> "Jorge Silva" wrote:


>>>>>> On Tuesday, June 24, 2008 12:19 PM Rygu wrote:

>>>>>> netdiag results:
>>>>>> Domain membership test . . . . . . : Failed
>>>>>> [WARNING] Ths system volume has not been completely replicated to the
>>>>>> local
>>>>>> machine. This machine is not working properly as a DC.
>>>>>>
>>>>>>
>>>>>> "Jorge Silva" wrote:


>>>>>>> On Tuesday, June 24, 2008 12:20 PM Jorge de Almeida Pinto [MVP - DS] wrote:

>>>>>>> ahhhhh. now I understand
>>>>>>>
>>>>>>> ok, try the following
>>>>>>>
>>>>>>> introduce a NEW w2k3 DC into the existing domain (which is just 1 DC) and
>>>>>>> also make it a GC and a DNS server. After the promotion the domain will have
>>>>>>> two DCs, one unhealthy and one healthy
>>>>>>> from the healthy DC start exporting stuff that needs to be exported (.e.g
>>>>>>> DHCP stuff, etc.)
>>>>>>> Shutdown the UNhealthy DC
>>>>>>> on the healthy DC clean the AD metadata of the UNhealhty DC
>>>>>>> on the healthy DC seize ALL FSMO to the healthy DC
>>>>>>>
>>>>>>> use the following commands to check the health of the healthy DC:
>>>>>>> DCDIAG /C /D /V
>>>>>>> GPOTOOL /CheckAcl /Verbose
>>>>>>>
>>>>>>> if thats OK do:
>>>>>>> ADPREP /FORESTPREP
>>>>>>> ADPREP /RODCPREP (if you want to use RODCs, does not hurt if you do this!)
>>>>>>> ADPREP /DOMAINPREP /GPPREP
>>>>>>>
>>>>>>> Install the W2K8 DC, make it a GC, a DNS server and transfer the FSMO roles
>>>>>>> to the W2K8 DC
>>>>>>> demote the healthy w2k3 DC and remove from domain
>>>>>>>
>>>>>>> it should be something like this
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Cheers,
>>>>>>> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>>>>>>>
>>>>>>>
>>>>>>> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
>>>>>>> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>>>>>>> ------------------------------------------------------------------------------------------
>>>>>>> * How to ask a question --> http://support.microsoft.com/?id=555375
>>>>>>> ------------------------------------------------------------------------------------------
>>>>>>> * This posting is provided "AS IS" with no warranties and confers no rights!
>>>>>>> * Always test ANY suggestion in a test environment before implementing!
>>>>>>> ------------------------------------------------------------------------------------------
>>>>>>> ------------------------------------------------------------------------------------------
>>>>>>> "Ryguy" <> wrote in message
>>>>>>> news:2FA0F36C-BA12-4A54-A6BF-...


>>>>>>>> On Wednesday, June 25, 2008 8:42 PM Rygu wrote:

>>>>>>>> things have become pretty desperate for me
>>>>>>>>
>>>>>>>> i can't get a healthy dc to replicate from the unhealthy. strange though,
>>>>>>>> cause i've promoted the new 2008 server already, and it's also running a vm
>>>>>>>> of 2003 server, also a dc. all three dc's are unhealthy! the first one, the
>>>>>>>> one I'm trying to replace, I can't log into it, but it continues to run. The
>>>>>>>> second one in the vm, and the third, the 2008, neither of which are charing
>>>>>>>> sysvol, so replication isn't successfull?! the event logs mention a few
>>>>>>>> things, but nothing concrete. Anyone have any suggestions?
>>>>>>>>
>>>>>>>> Please see two messages i've replied to this one. The first message contains
>>>>>>>> event log entries, and the second one the results of dcdiag


>>>>>>>>> On Wednesday, June 25, 2008 8:44 PM Rygu wrote:

>>>>>>>>> Event log for replication:
>>>>>>>>> -The DFS Replication service has detected that replication group Domain
>>>>>>>>> System Volume was removed from the configuration
>>>>>>>>> -The DFS Replication service has detected that all replicated folders on
>>>>>>>>> volume C: have been disabled or deleted
>>>>>>>>> -The DFS Replication service is not replicating the SYSVOL replicated
>>>>>>>>> folder. If the domain controller was demoted and the DFS Replication service
>>>>>>>>> has been replicating SYSVOL, this event is expected and no user action is
>>>>>>>>> required
>>>>>>>>> -The DFS Replication service detected that the replicated folder at local
>>>>>>>>> path C:\Windows\SYSVOL\domain has been removed from configuration


>>>>>>>>>> On Wednesday, June 25, 2008 8:50 PM Rygu wrote:

>>>>>>>>>> Directory Server Diagnosis
>>>>>>>>>>
>>>>>>>>>> Performing initial setup:
>>>>>>>>>> Trying to find home server...
>>>>>>>>>> Home Server = ATSERV
>>>>>>>>>> * Identified AD Forest.
>>>>>>>>>> Done gathering initial info.
>>>>>>>>>>
>>>>>>>>>> Doing initial required tests
>>>>>>>>>>
>>>>>>>>>> Testing server: Default-First-Site-Name\ATSERV
>>>>>>>>>> Starting test: Connectivity
>>>>>>>>>> ......................... ATSERV passed test Connectivity
>>>>>>>>>>
>>>>>>>>>> Doing primary tests
>>>>>>>>>>
>>>>>>>>>> Testing server: Default-First-Site-Name\ATSERV
>>>>>>>>>> Starting test: Advertising
>>>>>>>>>> Warning: DsGetDcName returned information for
>>>>>>>>>> \\server-room.atdomain.local, when we were trying to reach ATSERV.
>>>>>>>>>> SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
>>>>>>>>>> ......................... ATSERV failed test Advertising
>>>>>>>>>> Starting test: FrsEvent
>>>>>>>>>> There are warning or error events within the last 24 hours after the
>>>>>>>>>> Group Policy problems. Failing SYSVOL replication problems may cau
>>>>>>>>>> ......................... ATSERV passed test FrsEvent
>>>>>>>>>> Starting test: DFSREvent
>>>>>>>>>> There are warning or error events within the last 24 hours after the
>>>>>>>>>> Group Policy problems. Failing SYSVOL replication problems may cau
>>>>>>>>>> ......................... ATSERV failed test DFSREvent
>>>>>>>>>> Starting test: SysVolCheck
>>>>>>>>>> ......................... ATSERV passed test SysVolCheck
>>>>>>>>>> Starting test: KccEvent
>>>>>>>>>> ......................... ATSERV passed test KccEvent
>>>>>>>>>> Starting test: KnowsOfRoleHolders
>>>>>>>>>> ......................... ATSERV passed test KnowsOfRoleHolders
>>>>>>>>>> Starting test: MachineAccount
>>>>>>>>>> ......................... ATSERV passed test MachineAccount
>>>>>>>>>> Starting test: NCSecDesc
>>>>>>>>>> Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
>>>>>>>>>> Replicating Directory Changes In Filtered Set
>>>>>>>>>> access rights for the naming context:
>>>>>>>>>> DC=ForestDnsZones,DC=atdomain,DC=local
>>>>>>>>>> Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
>>>>>>>>>> Replicating Directory Changes In Filtered Set
>>>>>>>>>> access rights for the naming context:
>>>>>>>>>> DC=DomainDnsZones,DC=atdomain,DC=local
>>>>>>>>>> ......................... ATSERV failed test NCSecDesc
>>>>>>>>>> Starting test: NetLogons
>>>>>>>>>> Unable to connect to the NETLOGON share! (\\ATSERV\netlogon)
>>>>>>>>>> [ATSERV] An net use or LsaPolicy operation failed with error 67,
>>>>>>>>>> Win32 Error 67.
>>>>>>>>>> ......................... ATSERV failed test NetLogons
>>>>>>>>>> Starting test: ObjectsReplicated
>>>>>>>>>> ......................... ATSERV passed test ObjectsReplicated
>>>>>>>>>> Starting test: Replications
>>>>>>>>>> ......................... ATSERV passed test Replications
>>>>>>>>>> Starting test: RidManager
>>>>>>>>>> ......................... ATSERV passed test RidManager
>>>>>>>>>> Starting test: Services
>>>>>>>>>> ......................... ATSERV passed test Services
>>>>>>>>>> Starting test: SystemLog
>>>>>>>>>> An Warning Event occurred. EventID: 0x80040020
>>>>>>>>>> Time Generated: 06/25/2008 19:40:53
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Warning Event occurred. EventID: 0x80040020
>>>>>>>>>> Time Generated: 06/25/2008 19:40:53
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Warning Event occurred. EventID: 0x80040020
>>>>>>>>>> Time Generated: 06/25/2008 19:40:53
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Warning Event occurred. EventID: 0x8000001D
>>>>>>>>>> Time Generated: 06/25/2008 19:41:23
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Warning Event occurred. EventID: 0x00000C18
>>>>>>>>>> Time Generated: 06/25/2008 19:41:30
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Warning Event occurred. EventID: 0x80001421
>>>>>>>>>> Time Generated: 06/25/2008 19:41:51
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Warning Event occurred. EventID: 0x8000A000
>>>>>>>>>> Time Generated: 06/25/2008 19:41:53
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Error Event occurred. EventID: 0xC0001B81
>>>>>>>>>> Time Generated: 06/25/2008 19:42:08
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Error Event occurred. EventID: 0xC0001B58
>>>>>>>>>> Time Generated: 06/25/2008 19:42:08
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Error Event occurred. EventID: 0xC0001B81
>>>>>>>>>> Time Generated: 06/25/2008 19:42:08
>>>>>>>>>> EvtFormatMessage failed, error 15100 Win32 Error 15100.
>>>>>>>>>> (Event String (event log = System) could not be retrieved, error
>>>>>>>>>> 0x3afc)
>>>>>>>>>> An Error Event occurred. EventID: 0xC0001B58
>>>>>>>>>> ************************************************** **********************************
>>>>>>>>>> This repetition of errors continues for three pages!!!
>>>>>>>>>> I am breaking here, and continuing, for the sanity of this thread!
>>>>>>>>>> ************************************************** **********************************
>>>>>>>>>> ......................... ATSERV failed test SystemLog
>>>>>>>>>> Starting test: VerifyReferences
>>>>>>>>>> Some objects relating to the DC ATSERV have problems:
>>>>>>>>>> [1] Problem: Missing Expected Value
>>>>>>>>>> Base Object:
>>>>>>>>>> CN=NTDS
>>>>>>>>>> Settings,CN=ATSERV,CN=Servers,CN=Default-First-Site-Name,CN=
>>>>>>>>>> Sites,CN=Configuration,DC=atdomain,DC=local
>>>>>>>>>> Base Object Description: "DSA Object"
>>>>>>>>>> Value Object Attribute Name: serverReferenceBL
>>>>>>>>>> Value Object Description: "SYSVOL FRS Member Object"
>>>>>>>>>> Recommended Action: See Knowledge Base Article: Q312862
>>>>>>>>>>
>>>>>>>>>> ......................... ATSERV failed test VerifyReferences
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : ForestDnsZones
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... ForestDnsZones passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... ForestDnsZones passed test
>>>>>>>>>> CrossRefValidation
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : DomainDnsZones
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... DomainDnsZones passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... DomainDnsZones passed test
>>>>>>>>>> CrossRefValidation
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : Schema
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... Schema passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... Schema passed test CrossRefValidation
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : Configuration
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... Configuration passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... Configuration passed test
>>>>>>>>>> CrossRefValidation
>>>>>>>>>> Running partition tests on : atdomain
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... atdomain passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... ATSERV failed test SystemLog
>>>>>>>>>> Starting test: VerifyReferences
>>>>>>>>>> Some objects relating to the DC ATSERV have problems:
>>>>>>>>>> [1] Problem: Missing Expected Value
>>>>>>>>>> Base Object:
>>>>>>>>>> CN=NTDS
>>>>>>>>>> Settings,CN=ATSERV,CN=Servers,CN=Default-First-Site-Name,CN=
>>>>>>>>>> Sites,CN=Configuration,DC=atdomain,DC=local
>>>>>>>>>> Base Object Description: "DSA Object"
>>>>>>>>>> Value Object Attribute Name: serverReferenceBL
>>>>>>>>>> Value Object Description: "SYSVOL FRS Member Object"
>>>>>>>>>> Recommended Action: See Knowledge Base Article: Q312862
>>>>>>>>>>
>>>>>>>>>> ......................... ATSERV failed test VerifyReferences
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : ForestDnsZones
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... ForestDnsZones passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... ForestDnsZones passed test
>>>>>>>>>> CrossRefValidation
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : DomainDnsZones
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... DomainDnsZones passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... DomainDnsZones passed test
>>>>>>>>>> CrossRefValidation
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : Schema
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... Schema passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... Schema passed test CrossRefValidation
>>>>>>>>>>
>>>>>>>>>> Running partition tests on : Configuration
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... Configuration passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation
>>>>>>>>>> ......................... Configuration passed test
>>>>>>>>>> CrossRefValidation
>>>>>>>>>> Running partition tests on : atdomain
>>>>>>>>>> Starting test: CheckSDRefDom
>>>>>>>>>> ......................... atdomain passed test CheckSDRefDom
>>>>>>>>>> Starting test: CrossRefValidation


>>>>>>>>>>> On Sunday, January 08, 2012 4:59 PM Ryan T wrote:

>>>>>>>>>>> Years later I stumbled upon this while googling, and I see that I neglected to inform you all of my solution!
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I used the task sceheduling service to remotely to execute the commands I couldn't execute locally. Finally I got that old DC off the network, and life there've been no issues since (3 years later).