Share via

Adprep error (server 2012 r2 to 2019)

Nisam Ali 1 Reputation point
2022-01-20T14:09:32.02+00:00

Dear Team,

We have 3 DC's with 2012r2 installed. I am planning 2012r2 dc to 2019 in-place upgrade.

For the first step, I ran ADPREP /forestprep CMD in a DC and it returned with the error = adprep failed to verify whether schema master has completed a replication cycle after last reboot --- ADPREP encounter an ldap error.

I have checked the administrator rights and have all rights schema. enterprise etc.

Here I am trying this from a test machine (I have restored an image backup to the test server) and this machine doesn't have access to any network or to other DC's. Please help me to solve this issue.

Windows for business | Windows Server | User experience | Other

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-01-20T14:23:12.337+00:00

    Do not do an in-place upgrade.

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that domain functional level needs to be 2008 or higher and older sysvol FRS replication needs to have been migrated to DFSR
    https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405

    I'd use dcdiag / repadmin tools to verify health correcting all errors found before starting any operations. Then stand up the new 2019 or 2022, patch it fully, license it, join existing domain, add active directory domain services, promote it also making it a GC (recommended), transfer FSMO roles over (optional), transfer pdc emulator role (optional), use dcdiag / repadmin tools to again verify health, when all is good you can decommission / demote old one.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  2. Anonymous
    2022-01-21T04:29:01.783+00:00

    This is very difficult because I have 100 + users and files

    Not sure what you mean by this. I'm not suggesting to start over with a new domain. A migration as I mentioned above is the much safer / cleaner method to upgrade the existing domain.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

  3. Limitless Technology 39,926 Reputation points
    2022-01-21T09:43:02.63+00:00

    Hello NisamAli,

    I Have experienced the same issue: In my case the problem was that local administrators of that child domain did not have any permissions on Group Policy object of the domain controller. By default they should have Full Control. (Admins of root domain did have this permission.) So when local "domain admins" were added in the Security tab of Group Policy, ADPrep /domainprep could run without a problem.

    Additionally I need to point out, that the issue may be happening because you are trying the operation in a restored image that has no connection or replication the rest of the domain, so in theory the error is correct to complain about the LDAP issue. In the normal environment, the error should not happen normally.

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.