Categories
News

ADPREP Error – Promoting Windows Server 2016 in 2008 R2 Forest/domain

When promoting a Windows Server 2016 to DC, adprep fails with an error that an attribute or value already exists. I am unsure if I caused this by attemping to add mutiple DC’s at the same time (race condition).

Error: The DN is CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=.

The error logs were located: C:\Windows\debug\adprep\logs\

Entry DN: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=<domain>
changetype: modify
Attribute 0) appliesTo:7b8b558a-93a5-4af7-adca-c017e67f1057

Add error on entry starting on line 1: Attribute Or Value Exists

The server side error is: 0x2083 The specified value already exists.

The ADPrep log will point you to a ldif.err log which details the objects which are causing conflict and preventing this update.

Using ADSIEdit remove the conflicting GUID’s located under the Configuration

1: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

2: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

3: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

4: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

5: CN=Validated-SPN,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

6: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

7: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

Once removed rerun your domain controller promotion again

2 replies on “ADPREP Error – Promoting Windows Server 2016 in 2008 R2 Forest/domain”

I am unable to find bellow entry in ADSI edit to remove
CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

Please advise how to locate this entry

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.