Unable to domain prep for Windows 2012 R2 RODC

Hi all,

I need to prepare my root domain in order to add a Windows 2012 R2 RODC.

The domain prep completed without success.

Adprep completed with errors. Not all partitions are updated. See the ADPrep.log in the C:\Windows\debug\adprep\logs\20150828085044 directory for more information.
To successfully update all partititions, the specified user needs to be a member of Enterprise Admins group.  If that is not the case, please correct the problem, and then restart Adprep.

Looking at this log, I have this error:

Adprep found partition DC=DomainDnsZones,DC=solfrance-fr,DC=solworld,DC=com, and is about to update the permissions.
[2015/08/28:08:50:49.661]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=DomainDnsZones,DC=solfrance-fr,DC=solworld,DC=com.
[2015/08/28:08:50:49.708]
LDAP API ldap_search_s() finished, return code is 0xa
[2015/08/28:08:50:49.723]
Adprep was unable to modify the security descriptor on object DC=DomainDnsZones,DC=solfrance-fr,DC=solworld,DC=com.

[Status/Consequence]

ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).

[User Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20150828085044 directory for more information.
[2015/08/28:08:50:49.723]
Adprep encountered an LDAP error.

Error code: 0xa. Server extended error code: 0x202b, Server error message: 0000202B: RefErr: DSID-03100742, data 0, 1 access points
    ref 1: 'DomainDnsZones.solfrance-fr.solworld.com'



DSID Info:
DSID: 0x180e0a08
ldap error = 0xa
NT BUILD: 9600
NT BUILD: 16384

[2015/08/28:08:50:49.739]
Adprep failed the operation on partition DC=DomainDnsZones,DC=solfrance-fr,DC=solworld,DC=com. Skipping to next partition.

==============================================================================
[2015/08/28:08:50:49.739]
Adprep encountered an LDAP error.

Error code: 0xa. Server extended error code: 0x202b, Server error message: 0000202B: RefErr: DSID-03100742, data 0, 1 access points
    ref 1: 'DomainDnsZones.solfrance-fr.solworld.com'



DSID Info:
DSID: 0x180e0a08
ldap error = 0xa
NT BUILD: 9600
NT BUILD: 16384

[2015/08/28:08:50:49.754]

I also ran dcdiag and I have some errors regarding my child domain solfrance-fr.solworld.com

In this child domain I am also not able to create a DNS AD-integrated zone, and I have this error on two of the 4 domain controllers of this child domain in the DNS event viewer:

The DNS server encountered error 9002 attempting to load zone . from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Thanks to all,

Best regards,

Manuel

September 1st, 2015 8:16am

Hi Manuel,
 
For the ADPREP errors above, Adprep fails due to insufficient permissions. Which user account are you using to run Adprep? Please make sure the current user account is in the Domain Admins and Enterprise Admins groups, then try again.
 
For the specific DNS server error, please try to run "dnscmd /config /BootMethod" from a command prompt and see if it works.
 

Regards,

Eth

September 4th, 2015 1:34am
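
An added example (not part of the thread and not Microsoft tooling): a small Python triage of an ADPrep.log like the one quoted in the question, merging the repeated error blocks and decoding the LDAP result code and the server extended error for each partition. The function and table names are assumptions of this example; the sample lines are copied from the log quoted above.

```python
import re

# LDAP result codes (RFC 4511) and Win32 directory-service errors (winerror.h).
LDAP_RESULT = {0x0A: "referral", 0x32: "insufficientAccessRights"}
WIN32_DS = {0x202B: "ERROR_DS_REFERRAL", 0x2098: "ERROR_DS_INSUFF_ACCESS_RIGHTS"}

FOUND = re.compile(r"Adprep found partition (.+?), and is about to update")
ERR = re.compile(r"Error code: (0x[0-9a-f]+)\. Server extended error code: (0x[0-9a-f]+)", re.I)
REF = re.compile(r"ref \d+: '([^']+)'")

def triage(log_text):
    """Return one finding per (partition, LDAP code, extended code); repeats are merged."""
    findings, partition, current = {}, None, None
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            partition, current = m.group(1), None
        elif m := ERR.search(line):
            ldap, ext = int(m.group(1), 16), int(m.group(2), 16)
            current = findings.setdefault((partition, ldap, ext), {
                "partition": partition,
                "ldap": LDAP_RESULT.get(ldap, hex(ldap)),
                "extended": WIN32_DS.get(ext, hex(ext)),
                "referrals": [],
            })
        elif current is not None and (m := REF.search(line)):
            # A referral names where the server pointed the client instead of answering.
            if m.group(1) not in current["referrals"]:
                current["referrals"].append(m.group(1))
    return list(findings.values())

# Sample input: lines copied from the log quoted in the question (timestamps dropped).
SAMPLE = """\
Adprep found partition DC=DomainDnsZones,DC=solfrance-fr,DC=solworld,DC=com, and is about to update the permissions.
LDAP API ldap_search_s() finished, return code is 0xa
Error code: 0xa. Server extended error code: 0x202b, Server error message: 0000202B: RefErr: DSID-03100742, data 0, 1 access points
    ref 1: 'DomainDnsZones.solfrance-fr.solworld.com'
Adprep failed the operation on partition DC=DomainDnsZones,DC=solfrance-fr,DC=solworld,DC=com. Skipping to next partition.
Error code: 0xa. Server extended error code: 0x202b, Server error message: 0000202B: RefErr: DSID-03100742, data 0, 1 access points
    ref 1: 'DomainDnsZones.solfrance-fr.solworld.com'
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

LDAP result 0xa is `referral` and extended error 0x202b is `ERROR_DS_REFERRAL`, so the logged failure is the server referring the search for that partition elsewhere; `insufficientAccessRights` would appear as LDAP result 0x32.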

This topic is archived. No further replies will be accepted.
