Bitlocker extending Schema for Windows 2003 Sp1
Hi,
I am trying to extend Schema for Bitlocker on Windows 2003 SP1 DC, using Domain Admin account and Schema Admin privilege.
I am getting the error below when I run this command:
ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=nttest,dc=microsoft,dc=com" -k -j .
Connecting to "GBHADC1.MMGAD.local"
Logging in as current user using SSPI
Importing directory from file "BitLockerTPMSchemaExtension.ldf"
Loading entries
1: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=GBHADC1,dc=RRG
AD,dc=local
Object does not exist, entry skipped
2: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=GBHADC1,dc=MMGAD,d
c=local
Object does not exist, entry skipped
3: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=GBHADC1,dc=RRG
AD,dc=local
Object does not exist, entry skipped
4: (null)
Entry modified successfully.
5: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=GBHADC1,dc=
MMGAD,dc=local
Add error on line 111: No Such Attribute
The server side error is "The parameter is incorrect."
1 entry modified successfully.
An error has occurred in the program
Cheers, J
November 6th, 2010 4:16pm
Hi,
I would like to suggest you remove the DC name ("DC=X") and run the command:
ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=nttest,dc=microsoft,dc=com" -k -j
directly on the schema operations master with the schema admin account.
For more information, please refer to the following Microsoft TechNet article:
BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory
http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx
Regards,
November 8th, 2010 12:14pm
Hi,
After removing the DC=X from the command, I am seeing a different error message:
Add error on line 38: Referral
The server side error is "A referral was returned from the server."
0 entries modified successfully.
An error has occurred in the program.
I am running Windows 2003 SP1 Edition on a VM, also registered schmmgmt.dll just to cover all angles.
=======
ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=TestDC,DC=local" -k -j .
Below is the output from DcDiag -
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GBDC1, is a DC.
* Connecting to directory service on server GBDC1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GBDC1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... GBDC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GBDC1
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
Role Domain Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
Role PDC Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
Role Rid Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
......................... GBDC1 passed test KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : TestDC
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : TestDC.local
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Any help will be appreciated.
Thanks.
Cheers, J
November 8th, 2010 12:50pm
Great, it's sorted; someone had the same issue and the fix was posted in that forum.
Thanks.
Cheers, J
November 8th, 2010 5:09pm
What's the fix? Send the link, please.
The fix I got is to change the command line to:
ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "dc=microsoft,dc=com" -k -j .
I just removed the domain controller name (see bold):
ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=nttest,dc=microsoft,dc=com" -k -j .
July 1st, 2011 3:53pm
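
Added example, not part of the thread and not Microsoft's code: a pre-flight check that applies the same -c "DC=X" <target> rewrite ldifde performs to the dn: lines of an LDIF file and lists any that land outside the forest's schema partition, which is the mistake the fix above corrects. The LDIF sample is constructed; the schema DN comes from the DcDiag output in the thread, and the target that includes the server name GBDC1 is a constructed illustration.

```python
import re

# Constructed sample in the shape of a schema extension LDF: DC=X is the
# placeholder that ldifde's -c option rewrites. The second dn is line-folded.
SAMPLE_LDIF = """\
dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema

dn: CN=ms-FVE-RecoveryInformation,CN=Schema,
 CN=Configuration,DC=X
changetype: add
objectClass: classSchema
"""

# Schema partition of the forest shown in the DcDiag output in the thread.
SCHEMA_NC = "CN=Schema,CN=Configuration,DC=TestDC,DC=local"


def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif)


def norm(dn):
    """Case-insensitive DN form; assumes no escaped commas in RDN values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def substituted_dns(ldif, from_dn, to_dn):
    """Apply the -c FromDN ToDN rewrite to each plain dn: line (dn:: is skipped)."""
    pattern = re.compile(re.escape(from_dn), re.IGNORECASE)
    return [pattern.sub(lambda m: to_dn, line[3:].strip())
            for line in unfold(ldif).splitlines()
            if line.lower().startswith("dn:") and not line.lower().startswith("dn::")]


def outside_schema_nc(ldif, from_dn, to_dn, schema_nc=SCHEMA_NC):
    """Return the rewritten DNs that are not inside the schema partition."""
    suffix = "," + norm(schema_nc)
    return [dn for dn in substituted_dns(ldif, from_dn, to_dn)
            if not norm(dn).endswith(suffix)]


if __name__ == "__main__":
    # First target wrongly includes the DC's host name; second is the forest root.
    for to_dn in ("DC=GBDC1,DC=TestDC,DC=local", "DC=TestDC,DC=local"):
        bad = outside_schema_nc(SAMPLE_LDIF, "DC=X", to_dn)
        print(to_dn, "->", "OK" if not bad else f"{len(bad)} DN(s) outside schema NC")
```

Running the check against the real LDF before the import shows whether the second -c argument is the forest root DN rather than a DN containing the server name.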