I have a PDC (Windows Server 2003 Enterprise) hard drive failure. I have been able to seize all roles except the Schema on the BDC. The schema comes up with the following error:
ntdsutil
ntdsutil: roles
fsmo maintenance: quit
ntdsutil: connect to server datas.nabishi.pri
Error 80070057 parsing input - illegal syntax?
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server datas.nabishi.pri
Binding to datas.nabishi.pri ...
Connected to datas.nabishi.pri using credentials of locally logged on user.
server connections: quit
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-03151D80, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Win32 error returned is 0x2098(Insufficient access rights to perform the operation.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
ldap_modify of SD failed with 0x32(50 (Insufficient Rights).
Ldap extended error message is 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Win32 error returned is 0x5(Access is denied.)
)
fsmo maintenance:
I can see the schema using adsiedit.msc and all contents as far as I know are correct.
I can use Active Directory restore from an earlier backup, which in the end produces the same result.
Also, the controllers carry the GC; these report as uncontactable even though they show in DNS and as selected in AD Sites and Services.
I got myself a little stuck on this one. What am I doing wrong?
I have also tried the change via the Active Directory Schema plugin (MMC) in addition to the Ntdsutil method.
Any ideas? I need to restore this domain into working order. It has three BDCs in the system, two DNS servers.
Alison