A Friday Active Directory puzzler

We just purchased a new server for our district's central office. Nothing super-special, just a Windows Server 2003 (for compatibility with a payroll and HRM application) install with lots of storage and a moderately speedy quad-core Xeon.

We just purchased a new server for our district's central office. Nothing super-special, just a Windows Server 2003 (for compatibility with a payroll and HRM application) install with lots of storage and a moderately speedy quad-core Xeon. The existing server is out of space, out of resources, recently lost a drive in its RAID array, and is still running Windows 2000 Server. Obviously, it's time for an upgrade.

Currently, the Windows domain that the old server controls is fairly small. There are only about 15 users, so the number of objects in the domain is quite manageable. Unfortunately, no one has managed the domain since the server was installed. User profiles are stored on the server, desktops redirected, etc., so there is a fair amount of the Active Directory structure that I'd rather not recreate.

Of course, I don't need to recreate it, right? Just run dcpromo on the new server, allow the AD to replicate, and you're good to go. Not so fast: Windows 2000 Server isn't inherently compatible with Server 2003 in terms of Active Directory, so another tool, called adprep.exe (located on your Windows Server 2003 CD) needs to be run to make the 2000 Server forest and domain compatible.

OK, with that done, there shouldn't be any problem. Lots of references around the web suggest that the remaining process will be very straightforward. However, even after server restarts (and knowing that there aren't any other domain controllers across which the updates need to replicate), running dcpromo on the new server is still generating an error message. Despite successful completion of the adprep, the new server believes that the old domain still isn't compatible. The error specifically tells me that I should run adprep on the old global catalog holder (since we only have one server in this domain/forest, it's pretty easy to figure out the correct FSMO roles).

I bring this up because I'm sure I'm not the only one updating legacy systems this summer. So what do you think? Anyone encountered this sort of problem? Anyone had luck adding Server 2003 or 2008 servers to a 2000-based domain? I have the sinking feeling that the old Active Directory database has some serious corruptions since no one has been maintaining it until I took it over this summer. Any other possible causes?

Talk back below and let us know.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All