+ Post New Thread
Results 1 to 9 of 9
Windows Server 2008 R2 Thread, ADPrep and Services for Unix in Technical; Hello all! I am having great fun today trying to run this one single command.... adprep /forestprep! My issue seems ...
  1. #1
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60

    ADPrep and Services for Unix

    Hello all!

    I am having great fun today trying to run this one single command.... adprep /forestprep!

    My issue seems to lie with the services for unix (not sure which version or how to check to be honest) and its incompatability with the schema extensions on the new 2008r2 adprep program.

    FIX&#58 Error message when you try to prepare the Active Directory directory service for Windows Server 2003 R2&#58 &#34Attribute value for objects defined in Windows 2000 schema and extended schema do not match&#34

    I have tried the hotfix applied in the above article (downloaded from MS) but it seems to only rename the OID's and then causes more errors when trying to run adprep!

    This is the message I got before

    "isSingleValued" attribute value for objects defined in Windows 2000 schema and extended schema do not match.

    This is the message/messages i get now!

    OID "1.3.6.1.1.1.1.0" defined for object CN=MSSFU2x-uidNumber,CN=Schema,CN=Confi
    guration,DC=compmed,DC=ucdavis,DC=edu conflicts with the schema extensions neede
    d for Windows Server 2008.
    [Status/Consequence]
    Adprep will not extend your existing schema.
    [User Action]
    Contact the vendor of the application that extended the schema with the OID valu
    e "1.3.6.1.1.1.1.0" and resolve this inconsistency. Then run adprep again.

    Has anyone come across this and / or fixed it? It seems to be pretty deeply embedded in the AD now, (luckily this is all on a sandbox network so the production one is currently unaffected).

    I am not even sure if the SFU is still required, it was installed a long time ago by an outside agency for compatability with a version of OSx somewhere along the line hence the rather sketchy information on what version etc were installed :s

    Hope someone can help!

    James

  2. #2


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I'm 99% sure that SFU got integrated into part of 2003 server

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Note: The product will not install on Windows 9x or Windows XP Home Edition or Windows Vista. The product should not be installed on Windows Server 2003 R2. This is an unsupported configuration.
    Download Details - Microsoft Download Center - Windows Services for UNIX Version 3.5

    I'd try and uninstall it if it's not being used.

  4. #4
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Quite likely, although it is the AD part of it which still exists in the domain.

    From my point of view I would either like to know if disabling would have any impact (we have Apples on the network atm, although we have a mac server to deal with them, they do log on using their normal domain credentials though? and would this even allow me to adprep the forest) or if there is a version which is compatible with the adprep command?

    It would be very much preferable that we didn't have to migrate all the users onto a new domain to facilitate the update to 2008R2 as it would be quite a lot to as us all to visit all 700 machines (including 300 laptops) to rejoin them to the new domain


    Thanks in advance

    James

  5. #5
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    In fact it has just finished uninstalling and unfortunately the OIDs are still present. It tells me to contact the product vendor... thanks microsoft...

  6. #6


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    From my point of view I would either like to know if disabling would have any impact (we have Apples on the network atm, although we have a mac server to deal with them, they do log on using their normal domain credentials though? and would this even allow me to adprep the forest) or if there is a version which is compatible with the adprep command?
    You don't Need SFU to authenticate Macs unless you are using NIS - most likely you'll use samba (Active Directory authentication) and not NIS. SFU also provided NFS, but again you'll probably use samba for this.

    If the uninstall borked, you should be able to alter the scheme using adsiedit without recreating the domain.

    We did use SFU on our 2000 domain but I honestly can't remember uninstalling it...

  7. #7
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    I think we are using AD auth and samba as you suggested. Going to try to rip out the stuff now in the sandbox environment to see what happens! How exciting!

    This is a total legacy thing from the old old macs so its a little annoying that it has cropped up now! Typical really, I had said this morning that today might be a quick one!!

  8. #8
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Right I have got ADSIEdit loaded and have found the rogue entires in the schema. To be honest I would just like to blow them away and forget about them to see if that at least solves the first issue. Now I am being told I don't have permission as a schema admin to delete the values....

    I have given the schema admin full control over the object and tried to delete and it says thatt he delete operation could not be perfomed? Apologies for the not particularly helpful error messages I am new to the ADSIEdit tool. (BTW I am performing all of this on the sandbox environment so its not going to break anything )

  9. #9
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Wel.....

    I have managed to edit the schema using ADSIedit and renamed the OIDs and CNs which are causing the issues. These changes replicated amongnst the DCs fine. The ADPrep /forestprep worked great and took around 5 minutes to run.

    I now though, seem to be getting replication errors which talk of a schema mismatch.... which to be honest is what I would expect as I am altering the schema using adprep! But I am confused about why the other DCs arent taking the schema from the schema master??

    James

SHARE:
+ Post New Thread

Similar Threads

  1. adprep and exchange
    By markman in forum Windows
    Replies: 4
    Last Post: 13th March 2007, 03:50 PM
  2. So long and thanks for all the fish...
    By acb_ in forum General Chat
    Replies: 15
    Last Post: 7th March 2007, 08:44 AM
  3. Wireless connects and drops for users
    By Disorder in forum Wireless Networks
    Replies: 3
    Last Post: 31st January 2007, 09:19 PM
  4. Replies: 1
    Last Post: 16th February 2006, 08:40 AM
  5. Client Services for Netware
    By nawbus in forum Windows
    Replies: 5
    Last Post: 12th December 2005, 02:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •