I have a single domain server running Server 2003 running a 2003 functional level domain. I am trying to add a server 2008 R2 machine to be another domain controller, with the intention of promoting it to be the primary, and taking off the server 2003 machine.
I am required to run adprep /forestprep on the Server 2003 machine. When I run it, it fails with the following errors:
Adprep failed to verify whether schema master has completed a replication cycle after last reboot.
[Status/Consequence]
The schema is not upgraded.
[User Action]
Check the log file ADPrep.log in the C:\WINDOWS\debug\adprep\logs\20101109153331 directory for possible cause of failure.
Adprep encountered an LDAP error.
Error code: 0x32. Server extended error code: 0x2098, Server error message: 00002098: SecErr: DSID-03151D7D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
I have confirmed that the user account I am using to run ADPREP, mydomain\administrator, is in the Schema Admins, Enterprise Admins, and Domain admins group.
Attempting to figure out what is with the replication, running repadmin /showrepl
repadmin running command /showrepl against server localhost
Default-First-Site-Name\SERVERNEW
DC Options: IS_GC
Site Options: (none)
DC object GUID: 0657168e-d854-48d8-a40a-dea3e41e6e87
DC invocationID: 0657168e-d854-48d8-a40a-dea3e41e6e87
Anyone know how to fix this error? Would raising the domain and forest to a 2003 functional level have any likelihood of working? While just making a new domain from scratch and typing in all the user names and stuff again isn't a deal breaker because we only have about 15 users, it would still be a big pain.
Thanks
Best Answer
The adprep error mentions ldap access rights...
Lifted from here.