Microsoft KB Archive/924175

= When you run the &quot;Adprep /forestprep&quot; command to prepare Windows 2000 Active Directory for Windows Server 2003, the forest preparation operation fails =

Article ID: 924175

Article Last Modified on 8/28/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
 * Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)

-



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
When you run the Adprep /forestprep command to prepare the Microsoft Windows 2000 Active Directory directory service for Microsoft Windows Server 2003, you experience the following symptoms:  The forest preparation operation fails after it runs the 33schema file. The following information is logged in the Adprep.log file:

Entry DN: CN=inetOrgPerson,CN=Schema,CN=Configuration,DC=example,DC=com Add error on line 333: Unwilling To Perform The server side error is &quot;Schema update failed: attribute in may-contain does not exist.&quot; An error has occurred in the program.



Note The Adprep.log file is located in the %systemroot%\System32\Debug\Adprep\Logs folder.



CAUSE
This issue may occur if a third-party program has extended the Active Directory schema. You may experience this issue if you have the Cisco Call Manager program installed.



RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To resolve this problem, rename the Cisco Call Manager schema object, and then run the Adprep /forestprep command to prepare Active Directory for Windows Server 2003. To do this, follow these steps:  Modify the registry on the computer that holds the schema operations master role to allow for write access to the schema. For more information about how to enable write access to the schema, click the following article number to view the article in the Microsoft Knowledge Base:

216060 Registry modification required to allow write operations to schema

For more information about how to locate the computer that holds the schema operations master role, click the following article number to view the article in the Microsoft Knowledge Base:

234790 How to find servers that hold flexible single master operations roles

 Start the Active Directory Service Interfaces (ADSI) Edit tool. To do this, click Start, click Run, type adsiedit.msc, and then click OK.

Note The ADSI Edit tool is included in the Windows 2000 Support Tools. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

301423 How to install the Windows 2000 Support Tools to a Windows 2000 Server-based computer

 Connect to a domain controller if the ADSI Edit tool is not already connected to a domain controller.</li> Expand Schema [ .example.com], and then click CN=Schema, CN=Configuration, DC=example,DC=com.</li> In the right pane, right-click CN=labeledURI, and then click Properties.</li> In the Select which properties to view list, click Both.</li> In the Select a property to view list, click lDAPDisplayName.</li> In the Edit attribute box, type CISCOlabeledURI, click Set, and then click Apply.</li> In the Select a property to view list, click adminDisplayName.</li> In the Edit attribute box, type CISCOlabeledURI, click Set, and then click OK.</li> Exit the ADSI Edit tool.</li> Click Start, click Run, type ldp, and then click OK.</li> If you are not running the Ldp.exe utility from the domain controller that holds the schema operations master role, click Connect on the Connection menu, and then connect to the domain controller that holds the schema operations master role.</li> On the Connection menu, click Bind, type your credentials in the Bind dialog box, and then click OK.

Note Leave the NTLM/Kerberos check box selected.</li> On the View menu, click Tree, leave the BaseDN box blank in the Tree View dialog box, and then click OK.</li> On the Browse menu, click Modify Rdn.</li> In the Modify RDN dialog box, type CN=labeledURI,CN=Schema,CN=Configuration,DC=example,DC=com in the Old Dn box, type CN=CISCOlabeledURI,CN=Schema,CN=Configuration,DC=example,DC=com in the New Dn box, and then click Run.

Note In these entries, modify the domain component of the distinguished name to match that of your domain. For example, replace example.com with the domain components of your domain.</li> When the modification of the relative distinguished name (also known as RDN) is finished, click Close, and then restart the domain controller that holds the schema operations master role.</li> <li>Start the ADSI Edit tool, and then verify that the newly renamed CN=CISCOlabeledURI entry is present in Active Directory.</li> <li>Run the Adprep /forestprep command to prepare Active Directory for Windows Server 2003.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kbdeployment kbtshoot kberrmsg kbprb KB924175

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.