I have a WS2008r2 domain with the next conditions:
-
Domain functional level: WS2008r2 -
Forest functional level: WS2003
I want to deploy a RODC in a remote site in the same domain, but in a WS2019.
When I execute “adprep /rodcprep” on the main domain, I have this error:
D:\support\adprep>adprep /rodcprep
Adprep connected to the domain FSMO: XXX-DC01.XXX.XXX.
==============================================================================
Adprep found partition DC=DomainDnsZones,DC=XXX,DC=XXX, and is about to update the permissions.
Adprep could not contact a replica for partition DC=DomainDnsZones,DC=XXX,DC=XXX.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=DomainDnsZones,DC=XXX,DC=XXX. Skipping to next partition.
==============================================================================
==============================================================================
Adprep found partition DC=ForestDnsZones,DC=XXX,DC=XXX, and is about to update the permissions.
Adprep could not contact a replica for partition DC=ForestDnsZones,DC=XXX,DC=XXX.
Adprep encountered an LDAP error.
Error code: 0x0. Server extended error code: 0x0, Server error message: (null).
Adprep failed the operation on partition DC=ForestDnsZones,DC=XXX,DC=XXX. Skipping to next partition.
==============================================================================
Adprep detected the operation on partition DC=XXX,DC=XXX has been performed. Skipping to next partition.
==============================================================================
Adprep completed with errors. Not all partitions are updated. See the ADPrep.log
in the C:\Windows\debug\adprep\logs\20211020101000 directory for more information.
To successfully update all partitions, the currently logged-on user needs to be a member of the Enterprise Admins group. If that is not the case, please correct the problem, and then restart Adprep.
The forest functional level I can’t up at this moment because there are applications that are in WS2003 servers.
Is there any way to configure RODC on WS2019?
Thank you so much.
• Since your forest functional level operates on Windows Server 2003 which is retired actively by Microsoft due to which nor its updates and support is available. Thus, due to this, would recommend you upgrade your domain functional level to Windows Server 2012 R2 and the forest functional level to Windows Server 2008 compatibility level. Though, due to some application and process related dependency, many organizations continue to work and rely on these functional levels.
• Thus, for installing a domain controller on Windows Server 2019 OS, the minimum forest functional level needed in the environment is Windows Server 2008. Also, you can set the domain functional level to a value that is higher than the forest functional level, but you cannot set the domain functional level to a value that is lower than the forest functional level, so the domain functional level value is always set a level higher than the forest functional level.
You can upgrade the forest functional level in your environment from Windows Server 2003 to Windows Server 2008 and domain functional level from Windows Server 2008 to Windows Server 2012 by referring the below article: -
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/raise-active-directory-domain-forest-functional-levels
• Though for the error that you are receiving, you can try migrating the old sysvol FRS replication to DFSR and do a metadata cleanup for the orphaned partition using the ‘remove nc’ parameter of the Dsmgmt tool. For more information, please refer the below documentation links: -
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/error-run-adprep-rodcprep-command
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc730970(v=ws.10)?redirectedfrom=MSDN