Hi,
I need to replace my current DC with new one and I want to degrade current DC to backup (second DC).
My current DC is:
- Windows 2003 SP2 x86, language: PL
- Domain functional Level: 2003
- Forest functional level: 2003
- AD schema version: 47
My new DC is:
- Windows 2008 R2 SP1 x64, language: EN
My plan is: promote new DC as additional DC for an existing DC, transfer FSMO, DHCP, etc...
But during promotion I have an error:
On current DC I executed adprep32.exe (from install CD of Windows 2008 R2) with /domainprep option but I had errors:
Adprep was unable to modify the security descriptor on object CN=IP Security,CN=System,DC=main,DC=domain,DC=local. [Status/Consequence] ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE). Adprep encountered an LDAP error. Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=System,DC=main,DC=domain,DC=local' . Adprep was unable to update domain information. [Status/Consequence] Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
Could this be due to differed language versions on current DC and new DC?