Forum Discussion
ajaidka
Apr 17, 2024Copper Contributor
Problem with in-place upgrade of windows server 2016 to 2022
Hello, I am having issues while trying to upgrade the servers. We have two Windows Server 2016 Domain Controllers. AD, DNS, NPAS roles are installed on the DCs. I have built a new 2022 Server. I was trying to upgrade the schema by running ADprep /forestprep and ADprep /domainprep on Primary DC that holds the schema master role. I am constantly getting this error. I have tried everything and checked all the permissions.
Here is the output of my ADprep execution:
PS D:\support\adprep> .\adprep.exe /forestprep
ADPREP WARNING:
Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or later.
You are about to upgrade the schema for the Active Directory forest named 'amii.ca', using the Active Directory domain controller (schema master) 'AVMVPRDMFT
ADS01.amii.ca'.
This operation cannot be reversed after it completes.
[User Action]
If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by typing 'C' and then press ENTER to co
ntinue. Otherwise, type any other key and press ENTER to quit.
C
Current Schema Version is 87
Upgrading schema to version 88
Verifying file signature
Connecting to "AVMVPRDMFTADS01.amii.ca"
Logging in as current user using SSPI
Importing directory from file "D:\support\adprep\sch88.ldf"
Loading entries...
Add error on entry starting on line 26: Insufficient Rights
The server side error is: 0x2098 Insufficient access rights to perform the operation.
The extended server error is:
00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
2 entries modified successfully.
An error has occurred in the program
ERROR: Import from file D:\support\adprep\sch88.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20240416200415\ldif.err.88.
If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configurat
ion containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise A
dmins is sufficient to run forestprep.
Adprep was unable to upgrade the schema on the schema master.
[Status/Consequence]
The schema will not be restored to its original state.
[User Action]
Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20240416200415 directory for detailed information.
Adprep was unable to update forest information.
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20240416200415 directory for more information.
Please advise.
Thank you
- Kindly request to open a support request. Have seen similar error for Windows Server 2025 preview and wrote about it in the Insiders techcommunity