A friend of mine has asked me this question because he is trying to insert a Windows 2003 server (loaded initially as a standalone machine) into an existing Windows 2000 Active Directory and is having all kinds of problems with it. My understanding is that you should be able to insert a 2003 server into a 2000 AD no problem. I don’t usually do much systems work but I’ve done the opposite a few times…inserting a 2000 machine into a 2003 AD.
The error he’s getting is during the ‘Examining an existing AD forrest’ and its: The operation failed because: The AD installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. use the Adprep command-line tool to prepare both forest and domain.’
According to my friend he’s tried to use Adprep on the 2003 server but as there is no AD on it it doesn’t work. My suggestion to him was to use it on the 2000 server, but he indicated that wasn’t working either for him. He’s called Microsoft but they don’t seem to have a clue on this…however, when last I talked to him he had only gotten through to the first tier tech support and generally they DON’T have much of a clue.
My inclination is to tell him to basically wack the OS and reinstall the new Win. 2003 server from scratch while connected to the network, and to insert it into the AD during install. However, if there IS a problem with putting a Win 2003 server into a 2000 AD then this obviously won’t work. I’ve googled the problem but nothing hits me immediately that this shouldn’t work. Thought I’d come here as there are a few Windows guru’s on this board.
You have to run Adprep on the Windows 2000 domain controller to prepare/extend the AD schema for Windows 2003 servers. Additionally, you can’t effectively manage the 2003 server with the 2000 Adminpak…there will be issues with granting permissions to shares, among other things. And the 2003 Adminpak won’t install on a 2000 Professional machine, you have to be running XP on the administrative workstation.
If he wants it standalone he doesn’t need to do anything, just join the domain. If he’s installing AD on the 2003 machine it won’t be standalone, he is effectively upgrading the 2000 domain to 2003. Has he followed these instructions WRT adprep?
Thanks guys. He SAYS he has followed the directions running Adprep on the 2000 domain, though talking to him I’m unsure he ran it from the 2003 server CD. I’ve emailed him this thread and another thread I started on Microsofts forum so hopefully he’ll be able to make it work.
Yes, this server needs to be part of the AD domain…my understanding is that this server will be an Exchange 2003 server and so needs to be not only part of the domain but to participate in AD.
Again, thanks for the help. I actually got more out of this forum in the 2 replies I’ve gotten than I did on Microsofts forum.
I’m a developer, not an MCSE, but I do some of this stuff to help our network / hardware guys out from time to time.
Sounds to me like he’s trying to set up the 2003 box to be a DC in the 2000 domain. If so, that’s not good. Run awayy, run awayyy!
If it’s just supposed to be a member server, then the whole ADprep thing is unnecessary. Just join it to the domain & leave it at that.
If he’s also trying to upgrade the 2000 domain to be a 2003 domain at the same time with this box as the new lead DC for the conversion, well there are how-tos for that. But it isn’t a very stable process.
Ok, I got an email back from my friend…here is the error he is getting when he tries to run ADprep on the Windows 2000 PDC:
“Failed to transfer the schema FSMO role : 52 <unavailable>”
I looked this up but the message is vague. It appears to have something to do with either the DNS (which he says is fine) or being logged in as a member of Schema Admins group (he says he’s logged in as the administrator which should be in that group).
On another board someone suggested this:
"Use NTDsutil and (re)seize the schema role (you can leave it on the same server)
You would get an error then re-run it again.
Then run adprep /forestprep "
I’ve never used the NTDsutil before and when I ran it on my test server at home couldn’t make heads or tails of it. Nor do I understand WHY to run it in this situation…Microsoft doesn’t suggest that, though their suggestions make no sense either.
Anyone have any ideas? Basically to re-cap, the situation is trying to insert a Windows 2003 server into the AD of a 2000 domain. This server will be the new Exchange 2003 server so needs to be part of the AD (according to my friend anyway).
Ok, he’s upgrading his domain to 2003 Active Directory to get Exchange 2003 to run - it won’t run on 2000 Active Directory.
Have your friend run replmon (replication monitor) and verify the active directory replication is taking place between the servers and check the event log. I feel strongly that it’s the DNS also - but your friend will find out when he attempts to install Exchange 2003 - it expects your dns to be in good order. Also, for grins, visually verify that the administrator account is a member of Schema Admins on the server. Gremlins and whatnot.
Also, is your friend running the commands from the Schema Master or from some other server? If he’s running it directly on the Schema master - I doubt it would have the same error.
Please, please don’t run NTDSUTIL unless you are very comfortable with the tool - its very powerful and can cause a LOT of headaches. It’s the brute force way to fix the problems, but will not fix the problem that caused the problem, if you know what I mean.
Having had many problems like this in the past, check that DNS is Dynamic, and that ONLY dynamic dns servers are listed for each server. See this knowledgebase article that mentions that error specifically - but it sounds like you may have read it: