Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Applications that use schema information may not work after you install Active Directory on a Windows Server 2003 R2-based computer

Applications that use schema information may not work after you install Active Directory on a Windows Server 2003 R2-based computer

View products that this article applies to.

Symptoms

You install the Active Directory directory service on a newly installed Microsoft Windows Server 2003 R2-based computer to create a new Active Directory forest. However, after you do this, applications that use the nisMap schema classes or the ipServiceProtocol schema classes may not work. This problem occurs even though the same applications work in a Windows Server 2003 R2-based Active Directory forest that has been upgraded from Windows Server 2003 or from Microsoft Windows 2000.

↑ Back to the top

Cause

This problem occurs because the Active Directory database file (Ntds.dit) does not include the new object classes and the attributes for the Windows Server 2003 R2 schema update. When you upgrade Windows Server 2003-based domain controllers or Windows 2000-based domain controllers to Windows Server 2003 R2, you use the Adprep tool to upgrade Active Directory. All the schema update information that is required during the upgrade process is defined in the Sch31.ldf file. This file is located in the Cmpnents\R2\Adprep folder on the Windows Server 2003 R2 installation CD.

When you install Active Directory on a newly installed Windows Server 2003 R2-based server, a new Active Directory database file (Ntds.dit) is created. This database file is created from the Ntds.dit file that already exists in the %systemroot%\System32 folder. The schema that is created for the newly installed Active Directory forest is supposed to include all the changes that are included for the schema of an upgraded Active Directory forest. However, in this case, the schema update information that is included in the Sch31.ldf file is not copied to the schema of the newly created Active Directory database file (Ntds.dit). Therefore, the schema of the newly installed Window Server 2003 R2 Active Directory forest differs from the schema of an upgraded Windows Server 2003 R2 Active Directory forest.

↑ Back to the top

Resolution

To resolve this problem, first create a schema update file that contains all the required changes to update the Active Directory schema of the newly created Windows Server 2003 R2 Active Directory forest. Then, run this file to update the Active Directory schema. To do this, follow these steps:
1. Log on to the computer as a user who is a member of the Schema Admins security group.
2. Click Start, click Run, type notepad.exe, and then click OK.
3. Copy the following section of code into the Notepad file.

Important You must copy the code exactly as you see it here. Modification of .ldf files may cause irreversible changes and forest-wide failure.
# -----------------------------------------------------------------------
#   Copyright 2007 Microsoft Corporation
#	
#   MODULE:     r2BaseInstallSchemaFix.ldf
#   ABSTRACT:   Fix Schema Attributes From Skeleton Database
#
#               Schema update for Windows Server 2003 R2 clean 
#               install forests. Includes last minute updates 
#               to ADPrep schema for upgrades that were omitted 
#               from the skeleton NTDS.DIT file
#
#               This file redefines the CN=IpService classSchema
#               object, so the forest must be at Windows Server 
#               2003 Forest Functional Level (FFL).
#
#   COMMAND: ldifde -i -f r2baseinstallschemafix.ldf -c DC=X DC=domain,DC=com
# -----------------------------------------------------------------------
#
dn:
changetype: modify
add: schemaUpgradeInProgress
schemaUpgradeInProgress: 1
-

dn: CN=Device,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: systemPossSuperiors
systemPossSuperiors: domainDNS
-

dn: CN=IpHost,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: mayContain
mayContain: manager
-

dn: CN=IpNetwork,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-
replace: mayContain
mayContain: manager
-

dn: CN=IpServiceProtocol,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
replace: isSingleValued
isSingleValued: FALSE
-

dn: CN=IpProtocol,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=NisMap,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=NisNetgroup,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=NisObject,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: CN=OneRPC,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
add: possSuperiors
possSuperiors: domainDNS
possSuperiors: nisMap
-

dn: 
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaModify
replace: isDefunct
isDefunct: TRUE
-

dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemamodrdn
newrdn: CN=IpServiceDefunct
deleteoldrdn: 1


dn: 
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=IpService,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: classSchema
ldapDisplayName: ipService
adminDisplayName: ipService
adminDescription: Abstraction of an Internet Protocol service.
governsId: 1.3.6.1.1.1.2.3
objectClassCategory: 1
rdnAttId: 2.5.4.3
subClassOf: 2.5.6.0
mustContain: 2.5.4.3
mustContain: 1.3.6.1.1.1.1.15
mustContain: 1.3.6.1.1.1.1.16
mayContain: 1.3.6.1.1.1.1.26
mayContain: 1.2.840.113556.1.6.18.1.323
mayContain: 1.2.840.113556.1.6.18.1.339
mayContain: 1.2.840.113556.1.6.18.1.309
mayContain: 2.5.4.13
possSuperiors: 2.5.6.5
possSuperiors: 1.2.840.113556.1.3.23
possSuperiors: 1.3.6.1.1.1.2.9
possSuperiors: 1.2.840.113556.1.5.67
schemaIdGuid:: 3/oXJZf6rUid5nmsVyH4ZA==
defaultSecurityDescriptor: 
D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
showInAdvancedViewOnly: TRUE
defaultHidingValue: TRUE
systemOnly: FALSE
defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,DC=X


dn: 
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
#   NOTE: The last line in this file must be empty
4.On the File menu, click Save, and then follow these steps in the Save As dialog box:
a. In File name box, type %userprofile%\R2baseinstallschemafix.ldf.
b. In Save as type list, click All Files.
c. In the Encoding list, click Unicode.
d. Click Save.
e. Exit Notepad.
5. Run the R2baseinstallschemafix.ldf file. To do this, follow these steps:
a. Click Start, click Run, type cmd, and then click OK.
b. At a command prompt, type the following commands. Press ENTER after each command.
cd %userprofile%
ldifde -i -f r2baseinstallschemafix.ldf -c DC=X "domain_name_path_for_forest_root_domain"
Note In the second command, DC=X is a case-sensitive constant. Also, the domain name path for the root domain must be enclosed in quotation marks. For example, the command syntax for an Active Directory forest whose forest root domain is Contoso.com would be as follows:
ldifde -i �f r2baseinstallschemafix.ldf -c DC=X "dc=contoso,dc=com"
6.Close the command prompt.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

Keywords: KB934255, kbtshoot, kbexpertiseadvanced

↑ Back to the top

Article Info
Article ID : 934255
Revision : 1
Created on : 4/6/2007
Published on : 4/6/2007
Exists online : False
Views : 308