Bitlocker extending Schema for Windows 2003 Sp1
Hi, I am trying to extend the schema for BitLocker on a Windows 2003 SP1 DC, using a Domain Admin account and Schema Admin privilege. I am getting the error below when I run this command:

    ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=nttest,dc=microsoft,dc=com" -k -j .

    Connecting to "GBHADC1.MMGAD.local"
    Logging in as current user using SSPI
    Importing directory from file "BitLockerTPMSchemaExtension.ldf"
    Loading entries
    1: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=GBHADC1,dc=RRG
    AD,dc=local
    Object does not exist, entry skipped
    2: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=GBHADC1,dc=MMGAD,d
    c=local
    Object does not exist, entry skipped
    3: CN=ms-FVE-RecoveryPassword,CN=Schema,CN=Configuration,DC=GBHADC1,dc=RRG
    AD,dc=local
    Object does not exist, entry skipped
    4: (null)
    Entry modified successfully.
    5: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,DC=GBHADC1,dc=
    MMGAD,dc=local
    Add error on line 111: No Such Attribute
    The server side error is "The parameter is incorrect."
    1 entry modified successfully.
    An error has occurred in the program

Cheers, J
November 6th, 2010 4:16pm

Hi, I would like to suggest you remove the DC name ("DC=X") and run the command:

    ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=nttest,dc=microsoft,dc=com" -k -j

directly on the schema operations master with the schema admin account.

For more information, please refer to the following Microsoft TechNet article:

BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory
http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx

Regards,
November 8th, 2010 12:14pm

Hi, after removing the DC=X from the command, I am seeing a different error message:

    Add error on line 38: Referral
    The server side error is "A referral was returned from the server."
    0 entries modified successfully.
    An error has occurred in the program.

I am running Windows 2003 SP1 Edition on a VM, and also registered schmmgmt.dll just to cover all angles.

=======

    ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=TestDC,DC=local" -k -j .

Below is the output from DcDiag:

    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine GBDC1, is a DC.
       * Connecting to directory service on server GBDC1.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\GBDC1
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... GBDC1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\GBDC1
          Test omitted by user request: Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=GBDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TestDC,DC=local
             ......................... GBDC1 passed test KnowsOfRoleHolders
          Test omitted by user request: RidManager
          Test omitted by user request: MachineAccount
          Test omitted by user request: Services
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: frssysvol
          Test omitted by user request: frsevent
          Test omitted by user request: kccevent
          Test omitted by user request: systemlog
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError

       Running partition tests on : ForestDnsZones
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : Schema
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : Configuration
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running partition tests on : TestDC
          Test omitted by user request: CrossRefValidation
          Test omitted by user request: CheckSDRefDom

       Running enterprise tests on : TestDC.local
          Test omitted by user request: Intersite
          Test omitted by user request: FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

Any help will be appreciated. Thanks.

Cheers, J
November 8th, 2010 12:50pm

Great, it's sorted; someone had the same issue and the fix was posted in that forum. Thanks. Cheers, J
November 8th, 2010 5:09pm

What's the fix... send the link, please.

The fix I got is to change the command line to:

    ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "dc=microsoft,dc=com" -k -j .

I just removed the domain controller name (see bold):

    ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=nttest,dc=microsoft,dc=com" -k -j .
July 1st, 2011 3:53pm
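
The `-c "DC=X" <DN>` pair discussed in this thread tells ldifde to replace every `DC=X` in the LDF file with the given DN, so a replacement DN that starts with the domain controller's host name produces the schema DNs under `DC=GBHADC1,...` seen in the first post. The following is an added example, not part of the original thread or of Microsoft's tooling: it models that substitution on a constructed LDF fragment and checks a candidate replacement DN against the server name, assuming a single-domain forest whose root is the server FQDN minus the host label.

```python
# Added example: models ldifde's -c FromDN ToDN as plain text replacement
# and sanity-checks the ToDN before a schema import is attempted.
import re

# Constructed LDF fragment in the style of BitLockerTPMSchemaExtension.ldf
# (only the dn: lines matter here; attribute lines are omitted).
SAMPLE_LDF = """\
dn: CN=ms-TPM-OwnerInformation,CN=Schema,CN=Configuration,DC=X
changetype: add

dn: CN=ms-FVE-RecoveryGuid,CN=Schema,CN=Configuration,DC=X
changetype: add
"""

def dc_labels(dn):
    """Return the DC= components of a DN, lower-cased, in order."""
    return [v.strip().lower() for v in re.findall(r"(?i)\bDC=([^,]+)", dn)]

def forest_root_labels(server_fqdn):
    """Assumption: single-domain forest, so root = FQDN minus host label."""
    return server_fqdn.lower().split(".")[1:]

def check_to_dn(to_dn, server_fqdn):
    """Return a list of problems with the -c replacement DN (empty = ok)."""
    problems = []
    labels = dc_labels(to_dn)
    host = server_fqdn.lower().split(".")[0]
    expected = forest_root_labels(server_fqdn)
    if labels and labels[0] == host:
        problems.append("first DC= component is the DC host name: " + host)
    if labels != expected:
        problems.append("expected " + ",".join("DC=" + l for l in expected))
    return problems

def imported_dns(ldf_text, to_dn, from_dn="DC=X"):
    """DNs ldifde would try to write after substituting from_dn."""
    out = ldf_text.replace(from_dn, to_dn)
    return [line[4:] for line in out.splitlines() if line.startswith("dn: ")]

if __name__ == "__main__":
    server = "GBHADC1.MMGAD.local"  # server name from the first post
    for to_dn in ("DC=GBHADC1,DC=MMGAD,DC=local", "DC=MMGAD,DC=local"):
        print(to_dn, "->", check_to_dn(to_dn, server) or "ok")
        print("   first DN:", imported_dns(SAMPLE_LDF, to_dn)[0])
```
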

This topic is archived. No further replies will be accepted.
