AwinishNaitik's Technical Blog

Lets continue the journey of learn & Share..

Upgrade from Windows 2000/2003 to 2008/2008 R2 Domain Controllers

Posted by Awinish on March 4, 2011

One question which I often come across is how to upgrade your domain from windows 2003 to windows 2008 or 2008 R2.

Mostly organizations are running their domain controller on windows 2003 x86(32bit), windows 2008 R2 is available only in x64(64bit) & initially when we want to upgrade their domain from windows 2000 to 2003 they use ADPREP.EXE as 99% organization has their DC on 32bit system.

Now, you too decided to upgrade your domain controller to windows 2008 R2 which is only available in x64bit, & while looking for ADPREP.EXE, you found ADPREP32.EXE as well as ADPREP.EXE both is available in windows 2008 R2 media, now you are confused which one to be used on windows 2003 which is 32bit to prepare schema so you can introduce x64 bit (2008 or 2008 R2) domain controller.

Thinking ADPREP32.EXE is made for 32bit dc & since you are going to use windows 2008 R2 which is x64, you decided to run on windows 2000 or 2003 which is 32 bit & what’s next you got error, scratching your head looking for here & there checking your Active directory health using DCDIAG & NETDIAG (NETDIAG is not available in windows 2008 & above), but everything is well & good. Now you decided to verify replication using REPADMIN & REPLMON (REPLMON is not available in windows 2008 & above) tool that’s also fine, you again decided to re-look to account used for ADPREP which has to be member of following schema admin, enterprise admin & domain admin it is too in place, so what is wrong or making ADPREP to fail when everything is in place.

Well, its nothing wrong but you chose the wrong version of ADPREP, MS has released two version of ADPREP32.EXE which has to run on 32bit OS DC & ADPREP.EXE has to run on 64 bit DC. There is no different between ADPREP32.EXE & ADPREP.EXE, both does the same job, its only for compatibility with 32bit OS & 64bit OS.

This time you went ahead & tried ADPREP32.EXE from 2008 or 2008 R2 media & you found it working.

I found people have doubt, if I upgrade the schema from windows 2000/2003 to 2008/2008 R2, will there be any issue, to clear the doubt, ADPREP will only add the new attribute & classes, but it will not modify or delete the already existing attribute or classes.

One more important thing if you have multiple domain or domain controller with large site base, wait for the replication cycle to finish & make sure changes has replicated to all the DC’s, then only proceed.

You need to run the below commands on the following DC servers only not on member server or new windows 2008 R2 which is going to be ADC:

Command Domain Controller
adprep.exe /forestprep Schema Master
adprep.exe /domainprep Infrastructure Master
adprep.exe /domainprep /gpprep Infrastructure Master
adprep.exe /rodcprep *(This command is optional. Run it only if you want to install a read-only domain controller (RODC). There is no harms in running even. ) Domain Naming Master/IM(Can be executed on any of the DC)

adprep.exe /domainprep /gpprep is not required, if you are upgrading your domain from windows 2003/20032 to windows 2008/2008 R2, its only required during the upgrade of windows 2000 to 2003/R2 or 2008/R2.

http://technet.microsoft.com/en-us/library/dd464018%28WS.10%29.aspx

http://blogs.technet.com/b/askds/archive/2008/11/11/so-you-want-to-upgrade-to-windows-2008-domain-controllers-adprep.aspx

The function of gpprep is to add permission on policy folder in Sysvol.

Once you verify everything is well & good, then only proceed, which is only way to achieve error free upgrade.

To know more about Adprep /forestprep, adprep /domainprep, adprep /domainprep /gpprep & why we need to run it, refer below.

http://technet.microsoft.com/en-us/library/cc731728%28v=ws.10%29.aspx

AD Schema Version:

OS Version

Schema Version

Windows 2012 R2 69
Windows 2012 56
Windows 2008 R2 47
Windows 2008 44
Windows 2003 R2 31
Windows 2003 30
Windows 2000 13

 

How to find the current Schema Version

dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion

http://support.microsoft.com/kb/556086

In multi-domain environment, sometimes you don’t run domainprep after forestprep & the reason could be, you don’t want to upgrade all the domain or it is postponed for later time due to business requriements. In this case to find out whether domainprep was earlier ran or not, you can check the revision attribute.

AD Revision Version:

OS Version Revision Version
Windows 2012 11
Windows 2008 R2 5
Windows 2008 3

 

dsquery * CN=ActiveDirectoryUpdate,CN=DomainUpdates,CN=System,dc=domainname,dc=local -scope base -attr revision

In case of the multiple domain forest, use only domain.local because schema master will be common & will be running on the DC with schema role only.

To find out which DC is holding DNS partition, run below command. To find out DC holding DomainDnsZones for particular domain, provide specific domain name. To find out DC holding forestDnsZones partition, enter root domain.

dsquery * CN=Infrastructure,DC=DomainDnsZones,DC=Domain,DC=com -attr fSMORoleOwner

dsquery * CN=Infrastructure,DC=forestDnsZones,DC=Domain,DC=com -attr fSMORoleOwner

References to the AD upgrade in windows 2008 or 2008 R2

Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains

http://technet.microsoft.com/en-us/library/cc731188%28WS.10%29.aspx

Upgrade Domain Controllers: Microsoft Support Quick Start for Adding Windows Server 2008 or Windows Server 2008 R2 Domain Controllers to Existing Domains

http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2%28WS.10%29.aspx#BKMK_Whatsnew

Performing an Active Directory Health Check Before Upgrading

http://blogs.technet.com/b/ptsblog/archive/2011/11/14/performing-an-active-directory-health-check-before-upgrading.aspx

http://blogs.technet.com/b/askds/archive/2008/11/11/so-you-want-to-upgrade-to-windows-2008-domain-controllers-adprep.aspx

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/03/02/transitioning-your-active-directory-to-windows-server-2008.aspx

Few Steps prior to preparing your environment for windows 2008 or 2008 R2.

  • Checking your Domain & domain controller health using dcdiag, & netdiag(Netdiag is not available in windows 2008 & above) tool.
  • Check replication using repadmin tool.
  • Check the DNS name resolution & its related error in event log.
  • Check error related to sysvol & FRS.

Troubleshooting ADPREP errors.

http://blogs.technet.com/b/askds/archive/2008/12/15/troubleshooting-adprep-errors.aspx

Happy upgrading..

Advertisements

52 Responses to “Upgrade from Windows 2000/2003 to 2008/2008 R2 Domain Controllers”

  1. Great post, thanks. I also wanted to find out if there were special considerations for very large organizations? In our enterprise, we have multiple forests, parent and child domains and we just wanted to make sure that if we extend the schema, it will play nice with 2003.

    • Awinish said

      Thank you for your comments. Extending the schema can’t be the issue, since running the adprep to update the schema it only add the new classes & attribute w/o removing/modifying the existing classes/attributes.

      Few legacy application might not be compatible with schema changes, but i haven’t heard of any such till now.If you are bothered, i always recommend for creating replica of live environment into lab & test all the application/functionality before upgrading the schema. This is best way to move ahead.

      System state backup of AD is always best & handy solution to proceed before making any minor/major changes into schema. Once you got all the DC in windows 2008 r2, you might want for raising the DFFL/FFL to 2008 R2.

      Key Points:
      – Take system state backup prior to schema update.
      – Test the live environment with all the applications in a lab
      – Document the test cases.
      – good planning & design is way to success.

      Take a look at previous discussions.
      http://social.technet.microsoft.com/Forums/en/winserverDS/thread/edb2bcd0-b490-44e6-b8d9-9e85c2f24d03

  2. selvaraj said

    good..points.

  3. Server Engineer said

    Hi Awinish,
    This is a great Post. Now i started visiting your blogs too in addition to technet 🙂

  4. Awinish said

    Good to hear, you find this post informative..:)

  5. Dan said

    Awinish,

    We have a 2003R2 domain and planned on upgrading to 2008. I have extended the schema using the 2008 standard media. We have added one 2008 standard DC. We have not upgraded the rest of our DC’s. So we have three 2003 DC’s and one 2008 DC in production with a 2003 functional level and a 2008 schema. We want to move to a 2008R2 domain. My question is this: do I still need to extend the schema but using adprep from the 2008R2 media? I would think so. We would add the 2008R2 DC’s and just demote the old 2003 DC’s. Any problems with this?

    Thanks, – Dan

  6. Awinish said

    Yes, you are required to run Adprep(32 or 64bit depends on OS) because the schema version of 2008 R2 is 47 which is different with windows 2008 schema version which is 44.As far as i know, there are no issues, but if you are running legacy application, you have to test in a lab first to check application compatibility with windows 2008 R2. I haven’t seen any issues with windows 2008 R2 , though test is recommended in a lab.

    For additional help you would like to post in DS forum.
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/threads

  7. Purvi said

    We are planning to upgrade our Server from Windows 2000 to Windows 2008 (32 bit). Kindly let us know whether the components (old dll’s) which we used to access in Windows 2000 will be compatible to this new Windows 2008 or not?

  8. Bernie said

    Hi, we currently are at schema version 30(Windows 2003) and we begin to deploy Windows 2008 R2 member servers. We are not ready to migrate our DC’s though.

    Is this a good idea to extend our schema to enable the latest GPO for 2008 servers or we loose our time doing this?

    We currently have 17 DC’s installed across different geographical regions, but only one DC hold the FSMO roles. Do we need a complete replication after the /forestprep before doing the /adprep? How can I be sure that every DC’s are replicated after the /forestprep?

    • Awinish said

      Extending the schema will prepare the forest to allow new OS dc to be added as an domain controller and its no way going to harm your AD environment. You can do it now or when you plan to introduce both way works.
      Also, you must confirm the schema version changed to 47 from 30. You can refer my article Upgrade from Windows 2000/2003 to 2008/2008 R2 Domain for how to check.

      Jorge has article below “How to check that FORESTPREP and DOMAINPREP replicated to all DCs? ”
      http://blogs.dirteam.com/blogs/jorge/archive/2006/06/06/1094.aspx

      Thanks.

  9. Mike said

    Hi Awinish

    We are gonna add two Windows Server 2008R2 as a domain controllers in an existing Windows 2003 Server domain, with Windows server 2003 domain functional level and forest functional level.

    This is for replacing the Windows 2003 AD servers to new Windows 2008r2 instead.
    After adding the two 2008R2 servers in the AD as DC:s we intend to remove the older 2003 DC:s.

    We intend to keep on running the domain and forest functional level on 2003 in the beginning, but will raise the level to 2008 after a while.

    Are there any risks in doing this?
    Or do you have any tips of what to think of before we start?

    Thanks
    Mike

    • Awinish said

      This is perfectly fine as windows 2008 r2 supports both NTLM and NTLMv2 protocol, so no need to worry regarding functional level as it effect DC not member server.

      Also, before raising the DFL/FFL, make sure you are not running a legacy apps which might give you trouble but i haven’t seen any till now.

      Thanks
      Awinish

      • Mike said

        Hi

        Thanks for your reply, we will try to test all of our applications in our test environment first before raising DFL/FFL in production.

        Regards,
        Mike

  10. steve said

    Wow I learn a lot by reading this article. Thanks

  11. Raj said

    Great Post Awinish

  12. constant said

    hi,
    i want to do an AD upgrade from 2003 (Schema version=30) to a 2008R2 (schema version=47).
    Reading this article, it might be possible, but looking on other websites, i have to upgrade my 2003 in 2003R3 (schema version=31) before to upgrade to 2008R2.
    Can I do this migration directly?

    • Awinish said

      You can perform direct upgrade from windows 2003 to 2008 R2 and there is no requirement to upgrade the schema or DC to windows 2003 R2 first. Run adprep32.xe on FSMO role holder DC and introduce new box with windows 2008 R2 and run dcpromo directly on it.

  13. Rich said

    Nice A.D. blog. I have an empty root forest with 3 domains. 2/3 domains run 2003 DC’s and Exchange 2007. The other domain runs 2003 DC’s and Exchange 2000. I intend to leave the domain with Exchange 2000 alone and upgrade the other 2. Will this cause issues with the Exchange 2000 server?

    • Awinish said

      Exchange is forest wide role and if you do anything its surely going impact other domain. If you intend to upgrade to Exchange 2010, the min prerequisite for Exchange 2010 is FFL of windows 2003 and Exchange has to be into native mode means no more Exchange 2000 servers.The support for the Exchange 2000 is already phased out, you need to get rid of exchange 2000 ASAP to avoid security issues in your domain.

  14. David said

    Guys, i have a windows 2003 SP2 (standard or schema version 30) domain. Its running 2 versions of Exchange server enterprise, one on a member server, and the other on the current windows 2003 sp2 DC. I have introduced a windows 2003 R2 server in order to give us some backup incase the DC dies (its very old and not much money). Of course when i ran DC promo it informed me the source schema is not compatable and i would have to upgrade it to the R2 version. Do you think this is straightforward or should i be aware of any gotcha’s? I really don’t want to break exchange or the domain. Of course i will do full system state backups before i proceed.

    • Awinish said

      You need to upgrade the schema (schema version for windows 2003 R2 is 31) to be able to introduce windows 2003 R2 as an additional domain controller in the existing schema version of windows 2003 (Schema version is 30)domain. I haven’t heard or seen any issue upgrading the schema from 2003 to 2003 R2 or even higher nothing from the Exchange working perspective. If you are running a legacy application, it might create some trouble but still 2003 R2 is just an extension of windows 2003 with few additional features, so as per my experience there is not going to be any issue until you are running some very old apps.
      BTW, it is straight forward process and there shouldn’t be any issues at all.

  15. Pablo said

    I am adding a 2008R2 server to a domain controlled by a SBS2003. I ran adprep from the 2008 sp2 disc. Now when I attempt to promote to 2008 server to DC, I get an error that says I have to run adprep on the 2003 server. I tried rerunning adprep from the 2008r2 disc, but it says it is already installed. Any Suggestions?

    • Awinish said

      You need to use Adprep.exe(adprep32 or adprep depends on the OS version) tool from the windows 2008 R2 media not from windows 2008. Windows 2008 Schema version is 44 where was for windows 2008 R2 its 47.

      • naresh said

        i am having 2003r2 32bit i want to upgrade 2008r2 64 bit i have run adprep 32bit with 2008r2 cd in 2003r2 32bit i get this error when i want to run setup this installation disk is not comparable with your version of windows os.to upgrade u need the correct installation disk

        could any one help i want to upgrade from 2003r2 32bit to 2008r2 64bit

  16. Sandeep said

    Hi Awinish,

    We are in the phase of upgrading our W2k3 R2 Domain Environment to W2k8 R2 Environment. For this could you let me understand the known issues what we may face in doing so…!

    • Awinish said

      There are no know issues as per my understanding & experience. The issue can only be with legacy applications which doesn’t support 64 bit architecture or security enhancements introduced into the windows 2008 R2.
      Overall, its time to move to 2008 R2 else you will be behind in getting benefits of the technology as windows 2012 is in the race of taking you to the new world.

  17. TekServe said

    Awinish,
    I’ve a 2003 DC that doesn’t have any role assigned to it. In the forest, I’ve 2 other 2008 DCs. I want to raise the functional level to 2008.
    Can I just go ahead and perform an in-place upgrade on 2003 to Windows 2008? OR do I need some preparation work done prior to do that?
    Thank you for your time.

    • Awinish said

      Speaking truly, you can do the in-place upgrade(cross platform is not supported means upgrade of the OS from 32 to 64 bit) of the OS on the DC, but i’m not big fan of the In-place upgrade & if its the DC, my personal suggestion is demote the DC, install fresh windows 2008 on the same server & then configure it DC back, once you find it is working correctly, then raise the functional level.

      The reason i don’t recommend for the in-place upgrade are sometime drivers incompatibility, of file corruption or preexisting issue in the OS give rise to more issues which can be prevented in case of fresh installation.

  18. Ali said

    Mr.Awinish, your post encourage to migrate to 2008 on new hardware.

    We have three ADC including exchange 2003…Please would you be kind enough to explain what will be the effect on exchange if I migrate DC to new machine becoz we will remove old server once new machine become fsmo holder. Further my DHCP is also working on DC.

  19. Ali said

    Thank you so very much for the quick response!!! Infact I apologize to respond you late..

    I will follow all of your instructions carefully and will let you know the outcome once I will migrate…

    Thank you once again….

  20. PNK said

    Hi Awinish,

    We have a Domain with 2003 domain funictional level. We already have Windows 2008R2 Domain controllers in this domain. Now I have a couple of Domain controllers that are running on Windows 2003 32bit OS. But since their hardware is capable of running Windows 2008R2, and since we want to move to Windows 2008 functional level, We want to upgrade these 2003 domain controllers to windows 2008R2. But since 2008R2 is a 64 bit OS , in place upgrade is not possible so what is the best way to do this upgrade.
    Please note these Windows 2003 Domain controllers also hold the AD integrated DNS, DHCP role
    What I have planned for was to
    -Backup DHCP
    -Demote the 2003 domain controller to member server then remove it from domain
    -Install Windows 2008R2 with the same name and IP
    -Install DNS and DHCP roles
    -Promote to DC
    -Import the DHCP database

    Will these steps work or there is any better way to do this.

    Please advise
    Thanks

  21. Jamie Powell said

    Hi,

    We have two 2003 DC’s running 32 Bit OS but the hardware is 64 bit compatible and so we would like to perform an in place upgrade to 2008R2, however there is a large potential problem. The boot partitions on both servers are very small, 12GB in total size with 1-2GB in free space on both servers. I have read EVERYWHERE that the recommended free space for the boot partition has to be 14GB or more, is there any way at all to perform an in place upgrade in our scenario or are we stuck? My alternative suggestion to my manager is to convert the physical machines to VMware virtual machines in our ESX environment where we will be able to increase the size of the C drives on both during the conversion process whereby we will be left with two servers that will have adequate free space to allow the upgrade to proceed.

    What are your comments? And do you think it is a good idea to have Domain Controllers as virtual machines?

    • Awinish said

      Foremost, you can’t perform in-place upgrade of the cross architecture platform means 32 bit OS to the 64 bit OS. Secondly, if you see windows 2008 R2 & above acquires much more space due to latest patches & hotfixes being released every month. Its better to have at least 50 GB OS drive for the windows 2008 r2.
      There are no issues using VM for the DC’s until you follow the right recommendations for maintenance as well as backup.

  22. Imran said

    Hi Awinish,
    when i run adprep.exe i get error.
    E:\support\adprep>adprep.exe

    The image file E:\support\adprep\adprep.exe is valid, but is for a machine type other than the current machine. please help me

    Thank you
    Imran

    • Imran said

      Awinish

      Just for your info i am trying to migrate 2003 standard to 2008 R2 64bit. i am following the same way as mention.

      adprep.exe then adprep/forest but its give me error when i run adprep.exe.

      Thank you,
      Imran

      • Awinish said

        There are two version of the Adprep (adprep32.exe – applicable for only 32 bit OS & adprep.exe- applicable for only 64 bit OS) tool available in windows 2008 R2 media. Make sure the right version of the adprep tool is being used on the DC with the FSMO role & the adprep tool is not corrupted.

  23. akumar said

    Hey Awinish,

    I have got one forest with one child domain (forest:xyz.com and child is abc.xyz.com) which has 2003R2 and in upgrade with 2008r2 std

    I have ran adprep32.exe /forestprep and adprep32.exe /Domainprep /Gpprep on xyz.com.

    So now question is – do i still needs to run the adprep32.exe /Domainprep /Gpprep on abc.xyz.com ?

    While running what permission do i needed to run the (adprep32.exe /Domainprep /Gpprep) on abc.xyz.com, because I have one account in root domain using which
    i have ran forestprep and domainprep in the Root Doamin, but when i ran it in Child domain – it says you need to be part of Domain Admin of abc.Xyz.com,
    When i try my Account (which is part of SchemaAdmin,DomainAdmin, EnterpriseAdmin for the root domain) making a member of Child Domain Domain Admin, it wont allow me.

    Any Help would be appriciated

    Thnaks,
    Kumar

  24. Nagaraj said

    Please help me out. we have win2k3 sp2 64 bit with exchange 2007. We have to migrate to win2k8 R2. I have gone up to transferring the FSMO role between win2k3 to win2k8 R2. Win2k8 Preferred DNS server IP is configured as win2k8 ip. How can i migrate Exchange 2007 to win2k8.???

  25. naresh said

    hi awinish could u help me i have migrated 2003r2 to 2008r2 .i created dc and check replication between 2 Dc its created one user and seen in old dc its working.i have trasfer FSMO roles through ntdsutil to new server. its working but i want to check weather dc has working r not i have not demote old server just i have remove from the network and connected.2008 server given old server ip .i got these issues bleow i am send.is this issue because of not demoting ols server. suggest me…

    C:\Users\Administrator.ICREADOMAIN>DCDIAG

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server…
    Home Server = FUSION-SERVER1
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\FUSION-SERVER1
    Starting test: Connectivity
    The host 4038b4bb-fb91-4648-a9ba-533df34a4882._msdcs.ICREADOMAIN could
    not be resolved to an IP address. Check the DNS server, DHCP, server
    name, etc.
    Got error while checking LDAP and RPC connectivity. Please check your
    firewall settings.
    ……………………. FUSION-SERVER1 failed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\FUSION-SERVER1
    Skipping all tests, because server FUSION-SERVER1 is not responding to
    directory service requests.

    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ……………………. ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ……………………. ForestDnsZones passed test
    CrossRefValidation

    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ……………………. DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ……………………. DomainDnsZones passed test
    CrossRefValidation

    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ……………………. Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ……………………. Schema passed test CrossRefValidation

    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ……………………. Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ……………………. Configuration passed test CrossRefValidation

    Running partition tests on : ICREADOMAIN
    Starting test: CheckSDRefDom
    ……………………. ICREADOMAIN passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ……………………. ICREADOMAIN passed test CrossRefValidation

    Running enterprise tests on : ICREADOMAIN
    Starting test: LocatorCheck
    ……………………. ICREADOMAIN passed test LocatorCheck
    Starting test: Intersite
    ……………………. ICREADOMAIN passed test Intersite

    C:\Users\Administrator.ICREADOMAIN>repadmin /syncall
    CALLBACK MESSAGE: Error contacting server 4038b4bb-fb91-4648-a9ba-533df34a4882._
    msdcs.ICREADOMAIN (network error): 1722 (0x6ba):
    The RPC server is unavailable.
    CALLBACK MESSAGE: Error contacting server cec19420-9cef-4668-86a3-719c823807dc._
    msdcs.ICREADOMAIN (network error): 1722 (0x6ba):
    The RPC server is unavailable.

    SyncAll exited with fatal Win32 error: 8440 (0x20f8):
    The naming context specified for this replication operation is invalid.

    C:\Users\Administrator.ICREADOMAIN>nslookup fusion-server1.icreadomain
    Server: dns-tcl-p.tatacommunications.com
    Address: 121.242.190.180

    *** dns-tcl-p.tatacommunications.com can’t find fusion-server1.icreadomain: Quer
    y refused

    C:\Users\Administrator.ICREADOMAIN>DCDIAG/test:ChecksecurityError

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server…
    Home Server = FUSION-SERVER1
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\FUSION-SERVER1
    Starting test: Connectivity
    The host 4038b4bb-fb91-4648-a9ba-533df34a4882._msdcs.ICREADOMAIN could
    not be resolved to an IP address. Check the DNS server, DHCP, server
    name, etc.
    Got error while checking LDAP and RPC connectivity. Please check your
    firewall settings.
    ……………………. FUSION-SERVER1 failed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\FUSION-SERVER1

    Running partition tests on : ForestDnsZones

    Running partition tests on : DomainDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running partition tests on : ICREADOMAIN

    Running enterprise tests on : ICREADOMAIN

    C:\Users\Administrator.ICREADOMAIN>
    C:\Users\Administrator.ICREADOMAIN>netdom query fsmo
    Schema master FUSION-SERVER1.ICREADOMAIN
    Domain naming master FUSION-SERVER1.ICREADOMAIN
    PDC FUSION-SERVER1.ICREADOMAIN
    RID pool manager FUSION-SERVER1.ICREADOMAIN
    Infrastructure master FUSION-SERVER1.ICREADOMAIN
    The command completed successfully.

    I HAVE SEEN RPC LDAP ERROR
    I HAVE DESABLE FIRE WALL ITS NOT WORKING AND WHEN I HAVE REMOVE OLD SERVER DNS HAS ERROR THIS MESG I GOT IN EVENTS

    eerror in even logs

    The DNS server encountered a packet addressed to itself on IP address 192.168.2.90. The packet is for the DNS name “av32bit2011.v1.bdnsrt.org.”. The packet will be discarded. This condition usually indicates a configuration error.

    Check the following areas for possible self-send configuration errors:
    1) Forwarders list. (DNS servers should not forward to themselves).
    2) Master lists of secondary zones.
    3) Notify lists of primary zones.
    4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server.
    5) Root hints.

    Example of self-delegation:
    -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.
    -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com,
    (bar.example.microsoft.com NS dns1.example.microsoft.com)
    -> BUT the bar.example.microsoft.com zone is NOT on this server.

    Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record.

    You can use the DNS server debug logging facility to track down the cause of this problem.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    THIS CMD AFTER CONNECTING OLD SERVER U CAN SEE ABOVE SAME COMMED WITH OUT CONNECTING OLS SERVER IN NETWORK.HEAR NO ERRORS…THIS BELOW MSG AFTER CONNECTING OLD SERVER

    C:\Users\Administrator.ICREADOMAIN>repadmin /syncall
    CALLBACK MESSAGE: The following replication is in progress:
    From: cec19420-9cef-4668-86a3-719c823807dc._msdcs.ICREADOMAIN
    To : 4038b4bb-fb91-4648-a9ba-533df34a4882._msdcs.ICREADOMAIN
    CALLBACK MESSAGE: The following replication completed successfully:
    From: cec19420-9cef-4668-86a3-719c823807dc._msdcs.ICREADOMAIN
    To : 4038b4bb-fb91-4648-a9ba-533df34a4882._msdcs.ICREADOMAIN
    CALLBACK MESSAGE: SyncAll Finished.
    SyncAll terminated with no errors.

    u can send to my mail id nareshpitla@ymail.com

  26. Harsha said

    Dear ,

    i have tried several time to update 2003 SP2 64bit DC to 2008 R2 , when i type CMD command i will get below eror,Adprep encountered a Win32 error. Eror code 0*2095 ple advice ..?

  27. MAK said

    Hi Awinish
    I go through your post very helpful stuff. I have few question regarding domain controller upgradaition.
    We have 2003 R2 domain controller and are geographically spread. We want to upgrade our existing domain controller 2003 R2 to window 2012.
    • Can we upgrade directly from 2003 to 2012 or gradually 2003R2 to 2008R2 and then 2012?
    • Our current schema level is 31 can we upgrade our schema before upgradation to 2008 or 2012?
    • For upgrade we just transfer FSMO roles to new domain controller 2008 or 2012 or we simply shut down our main DC 2003R2 and then seize roles on new 2008 or 2012 member DC for fallback plan?
    • Before upgdardion process start can we demote our ADC placed at site have slow link and after upgrade process complete we will promote these DC again?

    Thanks,
    MAK

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s