Microsoft KB Archive/934255

= Applications that use schema information may not work after you install Active Directory on a Windows Server 2003 R2-based computer =

Article ID: 934255

Article Last Modified on 4/6/2007

-

APPLIES TO


 * Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
 * Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)

-



SYMPTOMS
You install the Active Directory directory service on a newly installed Microsoft Windows Server 2003 R2-based computer to create a new Active Directory forest. However, after you do this, applications that use the nisMap schema classes or the ipServiceProtocol schema classes may not work. This problem occurs even though the same applications work in a Windows Server 2003 R2-based Active Directory forest that has been upgraded from Windows Server 2003 or from Microsoft Windows 2000.



CAUSE
This problem occurs because the Active Directory database file (Ntds.dit) does not include the new object classes and the attributes for the Windows Server 2003 R2 schema update. When you upgrade Windows Server 2003-based domain controllers or Windows 2000-based domain controllers to Windows Server 2003 R2, you use the Adprep tool to upgrade Active Directory. All the schema update information that is required during the upgrade process is defined in the Sch31.ldf file. This file is located in the Cmpnents\R2\Adprep folder on the Windows Server 2003 R2 installation CD.

When you install Active Directory on a newly installed Windows Server 2003 R2-based server, a new Active Directory database file (Ntds.dit) is created. This database file is created from the Ntds.dit file that already exists in the %systemroot%\System32 folder. The schema that is created for the newly installed Active Directory forest is supposed to include all the changes that are included for the schema of an upgraded Active Directory forest. However, in this case, the schema update information that is included in the Sch31.ldf file is not copied to the schema of the newly created Active Directory database file (Ntds.dit). Therefore, the schema of the newly installed Window Server 2003 R2 Active Directory forest differs from the schema of an upgraded Windows Server 2003 R2 Active Directory forest.



RESOLUTION
To resolve this problem, first create a schema update file that contains all the required changes to update the Active Directory schema of the newly created Windows Server 2003 R2 Active Directory forest. Then, run this file to update the Active Directory schema. To do this, follow these steps:  Log on to the computer as a user who is a member of the Schema Admins security group. Click Start, click Run, type notepad.exe, and then click OK.  Copy the following section of code into the Notepad file.

Important You must copy the code exactly as you see it here. Modification of .ldf files may cause irreversible changes and forest-wide failure. dn: changetype: modify add: schemaUpgradeInProgress schemaUpgradeInProgress: 1 -
 * 1)   Copyright 2007 Microsoft Corporation
 * 2)   MODULE:     r2BaseInstallSchemaFix.ldf
 * 3)   ABSTRACT:   Fix Schema Attributes From Skeleton Database
 * 4)               Schema update for Windows Server 2003 R2 clean
 * 5)               install forests. Includes last minute updates
 * 6)               to ADPrep schema for upgrades that were omitted
 * 7)               from the skeleton NTDS.DIT file
 * 8)               This file redefines the CN=IpService classSchema
 * 9)               object, so the forest must be at Windows Server
 * 10)               2003 Forest Functional Level (FFL).
 * 11)   COMMAND: ldifde -i -f r2baseinstallschemafix.ldf -c DC=X DC=domain,DC=com
 * 1)               This file redefines the CN=IpService classSchema
 * 2)               object, so the forest must be at Windows Server
 * 3)               2003 Forest Functional Level (FFL).
 * 4)   COMMAND: ldifde -i -f r2baseinstallschemafix.ldf -c DC=X DC=domain,DC=com
 * 1)   COMMAND: ldifde -i -f r2baseinstallschemafix.ldf -c DC=X DC=domain,DC=com

dn: CN=Device,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: systemPossSuperiors systemPossSuperiors: domainDNS -

dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: mayContain mayContain: manager -

dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap - replace: mayContain mayContain: manager -

dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify replace: isSingleValued isSingleValued: FALSE -

dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: CN=OneRPC,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify add: possSuperiors possSuperiors: domainDNS possSuperiors: nisMap -

dn: changetype: modify add: schemaUpdateNow schemaUpdateNow: 1 -

dn: CN=IpService,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaModify replace: isDefunct isDefunct: TRUE -

dn: CN=IpService,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemamodrdn newrdn: CN=IpServiceDefunct deleteoldrdn: 1

dn: changetype: modify add: schemaUpdateNow schemaUpdateNow: 1 -

dn: CN=IpService,CN=Schema,CN=Configuration,DC=X changetype: ntdsSchemaAdd objectClass: classSchema ldapDisplayName: ipService adminDisplayName: ipService adminDescription: Abstraction of an Internet Protocol service. governsId: 1.3.6.1.1.1.2.3 objectClassCategory: 1 rdnAttId: 2.5.4.3 subClassOf: 2.5.6.0 mustContain: 2.5.4.3 mustContain: 1.3.6.1.1.1.1.15 mustContain: 1.3.6.1.1.1.1.16 mayContain: 1.3.6.1.1.1.1.26 mayContain: 1.2.840.113556.1.6.18.1.323 mayContain: 1.2.840.113556.1.6.18.1.339 mayContain: 1.2.840.113556.1.6.18.1.309 mayContain: 2.5.4.13 possSuperiors: 2.5.6.5 possSuperiors: 1.2.840.113556.1.3.23 possSuperiors: 1.3.6.1.1.1.2.9 possSuperiors: 1.2.840.113556.1.5.67 schemaIdGuid:: 3/oXJZf6rUid5nmsVyH4ZA== defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU) showInAdvancedViewOnly: TRUE defaultHidingValue: TRUE systemOnly: FALSE defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X

dn: changetype: modify add: schemaUpdateNow schemaUpdateNow: 1 - On the File menu, click Save, and then follow these steps in the Save As dialog box:  In File name box, type %userprofile%\R2baseinstallschemafix.ldf . In Save as type list, click All Files. In the Encoding list, click Unicode.</li> Click Save.</li> Exit Notepad.</li></ol> </li> Run the R2baseinstallschemafix.ldf file. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type cmd, and then click OK.</li> At a command prompt, type the following commands. Press ENTER after each command.
 * 1)   NOTE: The last line in this file must be empty </li>

cd %userprofile%

ldifde -i -f r2baseinstallschemafix.ldf -c DC=X &quot; &quot;

Note In the second command, DC=X is a case-sensitive constant. Also, the domain name path for the root domain must be enclosed in quotation marks. For example, the command syntax for an Active Directory forest whose forest root domain is Contoso.com would be as follows:

ldifde -i –f r2baseinstallschemafix.ldf -c DC=X &quot;dc=contoso,dc=com&quot;

</li></ol> </li> Close the command prompt.</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbexpertiseadvanced kbtshoot KB934255

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.