0

I have an OLD Intel server socket 478 DDR running Windows Server 2003 EE SP2 as Primary DC and DNS. In order to migrate to server 2016 and discard this old hardware and server version I did: 1- installed a new Windows server 2016 to create a Secondary DC. 2- I added it to the Domain with no issues. 3- The old server 2003 it is already operating at the highest possible functional level: Windows server 2003. 4- Added an Active Directory Domain Services at the new Server 2016 5- When trying to promote the new server 2016 as a Domain Controller I get this error message:

"Verification of replica failed. The forest functional level is Windows 2000. To install a Windows Server 2016 Domain or Domain Controller, the forest functional level must be Windows Server 2003 or higher."

When running the adprep32 /forestprep I get this message:

"Adprep was unable to check the forest update status. [Status/Consequence] Adprep queries the directory to see if the forest has already been prepared. If the information is unavailable or unknown, Adprep proceeds without attempting this operation. [User Action] Restart Adprep and check the ADPrep.log file. Verify in the log file that this forest has already been successfully prepared. Adprep encountered an LDAP error. Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Servers,CN=Site-PHAV,CN=Sites,CN=Configuration,DC=phav,DC=cubacatering,DC=avianet,DC=cu'."

The user I logged is part of the Domain Admins, Enterprise Admins and Schema Admins group.

Please HELP!!

Rodolfo Valenti
  • 1

2 Answers2

2

You said "the old server 2003 it is already operating at the highest possible functional level: Windows server 2003"; but have you checked if this is actually true for both the domain and the forest? They can have different settings (i.e. a 2003-level domain in a 2000-level forest).

You can check both levels in the AD Domains & Trusts console (pictures here).

Massimo
  • 70,200
  • 57
  • 200
  • 323
0

You have two issues. Firstly, you need to raise the AD Forest and domain functional level - you might have Windows 2003 server running as a domain controller but your AD forest is still at the Windows 2000 functional level.

To do this:

  • Open the Active Directory Domains and Trusts snap-in.
  • In the left pane, browse to the domain/forest you want to raise, right-click it, and select Raise Domain/forest Functional Level.
  • Select the new functional level you want to set and click OK.
  • After a few seconds you should see a message stating whether the operation was successful.

Secondly, you can't get there from here. If I remember rightly, AD 2003 domain functional level doesn't support Windows 2016 or higher, meaning there's no direct route between the two. Also see here. This means you'll need to do a two-step migration, migrate from Windows 2003 to Windows 2012R2 DCs, raising the domain functional level as appropriate, then migrate from Windows 2012R2 to Windows 2016 DCs.

Rob Moir
  • 31,884
  • 6
  • 58
  • 89
  • The second part of your answer is wrong, see https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers: "Windows Server 2016 requires a Windows Server 2003 forest functional level [...] Windows 2000 domain controllers must be removed prior to adding Windows Server 2016 domain controllers to your forest". – Massimo Jun 13 '19 at 20:39
  • interesting @Massimo - the docs article I linked to doesn't seem entirely in line with that unless I've misunderstood? – Rob Moir Jun 13 '19 at 20:41
  • Yes, the article you linked seems to say that a 2003 functional level doesn't support 2016 DCs; however, not only the article I linked says the opposite, but I can also confirm that it works (I have personally upgraded a domain from 2003 to 2016 with no intermediate steps). – Massimo Jun 13 '19 at 20:47