Unable to promote domain controller

Question

Hi,

I am currently migrate active directory from Zentyal (A samba running active directory) to a real windows server

At the beginning the forest & domain level are 2003

I joined the windows server 2019 to the domain, then I installed ADDS role
To promote as DC i first had to raise the level of the forest and domain, then using the built in domain administrator account I promote the server as DC

I pass the prerequisites check -> install and i get this error :

ADPrep execution failed --> System.ComponentModel.Win32Exception (0x80004005): A device attached to the system is not functioning

The logs :

If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise Admins is sufficient to run forestprep.
[2021/04/21:16:17:41.992]
Adprep was unable to upgrade the schema on the schema master.

[Status/Consequence]

The schema will not be restored to its original state.

[User Action]

Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20210421161740 directory for detailed information.
[2021/04/21:16:17:41.992]
Adprep was unable to update forest information.

On C:\Windows\debug\adprep\logs\20210421161740

Entry DN: CN=ms-DS-Members-Of-Resource-Property-List,CN=Schema,CN=Configuration,DC=domain,DC=domain
Add error on entry starting on line 1: Unwilling To Perform
The server side error is: 0x2035 The server is unwilling to process the request.
The extended server error is:
00002035: schema_data_add: updates are not allowed: reject request
An error has occurred in the program

Any idea ?

Thanks
Max

Answer 1

At the beginning the forest & domain level are 2003 I joined the windows server 2019 to the domain, then I installed ADDS role

The two prerequisites to introducing the first 2019 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

--please don't forget to Accept as answer if the reply is helpful--

Answer 2

Hi, sorry i forgot to mention that i raised the level of the domain and forest to 2008 R2

The issue i think is that the current DC is a linux samba based (Zentyal) , so i cannot use powershell commands on it

Answer 3

Looks like you might need 2008 R2 domain controller as first step.
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD

--please don't forget to Accept as answer if the reply is helpful--

Answer 4

Hi,
Welcome to share here!

The minimum requirement to add a Windows Server 2019 Domain Controller is a Windows Server 2008 functional level. The domain also has to use DFS-R as the engine to replicate SYSVOL.
This means that if the 2003 DCs are used in the domain, we need to perform the following steps before adding the 2019 DC.
Make sure the DCs are working well, and the replication is good.
Add 2008/2012/2016 DCs into domain.
Transfer the FSMO role to new DCs.
Demote the old 2003 DCs.
Raise the function level to 2008 or higher.
Migrate FRS to DFSR:
https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr

Confirm everything works well and add the 2019 DCs.

Best Regards,

Answer 5

Any progress or updates?

--please don't forget to Accept as answer if the reply is helpful--