jcaldwell1
Mar 18, 2025

Conflicting entries in DFSR schema preventing migration from FRS to DFSR

Hello,

I am having issues converting from FRS to DFSR in a domain with 10 domain controllers, a mix of 2012 R2 and 2016 domain controllers.

ForestMode : Windows2012R2Forest

DomainMode : Windows2012R2Domain

Schema version 88

In the initial phase, dfsrmig /setglobalstate 1, the SYSVOL subscription should be created, but it fails with an error 87 syntax incorrect.

I have checked DFSR through DFS Management, and if I select add replication group to display, the below is the error:

There are no replication groups in this domain. The Active Directory Domain Services schema must be extended before a replication group can be added to this domain.

If I manually attempt to create a replication group, I get the message below:

The Active Directory Domain Service schema on domain controller xxxxxx cannot be read. This error might be caused by a schema that has not been extended or was extended improperly. An attribute schema object cannot be found.

Even in PowerShell, if I run get-dfsreplicationgroup -groupname *:
The Active Directory Domain Services Schema on domain controller xxxxxx cannot be read.

I checked the schema entries using ADSI Edit and there are multiple cn=ms-dfsr entries that have cnf(guid) after the cn=ms-dfsr entries. I have attempted to move the schema master role but have not had any success. I have searched every forum I can find and it looks like schema entries are permanent once they are put in place. I have even opened a support ticket with Microsoft support, TrackingID#2503070040000116, and they have worked with me once and completely stopped responding.

My current next steps are to remove all domain controllers except for the one holding the FSMO roles, in hopes that possibly the schema cnf will clear, or if they don't, I can take snapshots/checkpoints and attempt to add the correct missing schema entries that are currently appended with the cnf(guid). I figure this way I can make a change and roll back the one domain controller to the snapshot checkpoint. Even though I have found some forums and articles that indicate that you can remove schema entries from the schema partition using ADSI Edit, it isn't possible on any server OS newer than 2000 Server. Any guidance and recommendations that can be provided would be greatly appreciated. I have really been let down by official Microsoft support, as they have ignored any contact and emails after an initial working session when they had me set the domain naming context system global settings msflags to 0, which did nothing to resolve the issue, and they have avoided providing any support since then.
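A read-only way to inventory the conflict-mangled ms-DFSR schema objects described in the post above, added here as an example and not part of the original post or of any Microsoft guidance. It assumes the RSAT ActiveDirectory module and read access to the schema partition; the variable names are illustrative.

```powershell
# Added example: read-only inventory of ms-DFSR schema objects, flagging
# replication-conflict copies (RDN of the form "<name>\0ACNF:<objectGUID>").
# Nothing here modifies the schema.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Schema version stored on the schema partition head (88 in this thread).
$version = (Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
"Schema objectVersion: $version"

# Every ms-DFSR class/attribute definition, conflict copies included.
$dfsr = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
    -LDAPFilter '(cn=ms-DFSR*)' `
    -Properties cn, lDAPDisplayName, whenCreated, whenChanged

$report = foreach ($o in $dfsr) {
    [pscustomobject]@{
        # Strip the conflict suffix to recover the intended common name.
        BaseCN          = $o.cn -replace '(\\0A|\s)*CNF:.*$', ''
        IsConflict      = $o.DistinguishedName -match 'CNF:'
        LdapDisplayName = $o.lDAPDisplayName
        ObjectClass     = $o.ObjectClass
        WhenCreated     = $o.whenCreated
        WhenChanged     = $o.whenChanged
        DN              = $o.DistinguishedName
    }
}

# Names that exist as a clean (non-conflict) object.
$cleanNames = @($report | Where-Object { -not $_.IsConflict } |
    ForEach-Object { $_.BaseCN })

# Conflict copies, noting whether a clean object with the same name exists.
# "HasCleanTwin = False" means the definition survives only as a CNF object.
$report | Where-Object { $_.IsConflict } |
    Select-Object BaseCN, LdapDisplayName, ObjectClass, WhenCreated,
        @{ Name = 'HasCleanTwin'; Expression = { $cleanNames -contains $_.BaseCN } } |
    Sort-Object BaseCN |
    Format-Table -AutoSize

"{0} ms-DFSR schema objects, {1} conflict copies" -f `
    @($report).Count, @($report | Where-Object { $_.IsConflict }).Count
```

Running it against each domain controller in turn (Get-ADObject accepts -Server) shows whether the conflict copies are present everywhere or only on some replicas.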

3 Replies

  • RamazanSari

    Hello,

    I’m experiencing a very similar issue and I’d like to know if the person who posted this managed to resolve it—and if so, how they resolved it—because I still haven’t found a solution. In my environment, I have 3 Domain Controllers: two running Server 2008 R2 and one running Server 2012 R2. The schema version is 88, but I cannot migrate from FRS to DFSR. When I run the command, I get the error: "Error: 87 Incorrect".

    I also checked the log file located in C:\Windows\Debug and I'm seeing an error similar to the one shown in the screenshot I’ve attached.

     

    • jcaldwell1

      I have not figured out a resolution. Do you also have cnf entries in the schema in ADSI Edit? The schema version in use in this domain is also a schema version 88, which corresponds to Server 2019 version. I had managed to remediate the schema conflicting entries but still had the same results. Being that you are having the same issue, I am beginning to wonder if, once the schema is past a 2016 version, it makes changes to DFSR that prevent the migration. If you go into DFSR management and try to view replication groups or create a replication group, do you also get an error about the schema not being extended or extended incorrectly?

      Also, I noticed in my particular instance the DFSR entries get made for the DCs and it is failing at creating the entry for the DFSR subscription (it never populates even after 48 hours). It would be great if Microsoft would actually work on issues that affect businesses that run their products instead of leaving customers out in the cold while they focus all their efforts on AI Copilot, but I guess that will require major customer boycotting of even using Copilot and Microsoft's AI product and a demand to support their products currently in production.

