Unable to migrate from FRS to DFS on Native Windows Server 2012 R2 Domain

hi guys.

background

we have acquired active directory 2003 r2 infrastructure. along lines have added, upgraded , deployed windows server 2008 , 2012 domain controllers in domain. domain still running ntfrs sysvol @ point of time.

we have since deployed windows server 2012r2 domain controllers , phased-out legacy dc versions in forest/domain. fsmo has been transferred succesfully , operational level of forest , domain upgraded native 2012r2 without incidents.

issue

our problem when tried migrate sysvol frs dfs.

when running "dfsrmig /setglobalstate 1" or "dfsrmig /setglobalstate 0" elevated cmd returns error:

error: 87. please check dfsrmig log files under the windows\debug directory.

the command run directly on pdc (we have tested running dfsrmig other domain controllers) , windows firewall turned off.

the excerpt log file error took place follow:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

20141221 05:28:47.950  312 cfad  7268 config::adconfig::constructsysvolobjects [sysvol] member:cn=dc01,cn=topology,cn=domain system volume,cn=dfsr-globalsettings,cn=system,dc=domain,dc=com

20141221 05:28:47.950  312 adwr   311 config::adwriter::createsysvolglobalobjects [sysvol] create sysvol global objects

20141221 05:28:47.950  312 cfad  2838 config::adobjecteditor::addobject add cn=dfsr-globalsettings,cn=system,dc=domain,dc=com

20141221 05:28:47.950  312 adwr   330 [error] config::adwriter::createsysvolglobalobjects [sysvol] failed add global settings object

20141221 05:28:47.950  312 evnt  1194 eventlog::report logging eventid:8001 parametercount:3

20141221 05:28:47.950  312 evnt  1214 eventlog::report         eventid:8001 parameter1:dc01

20141221 05:28:47.950  312 evnt  1214 eventlog::report         eventid:8001 parameter2:87

20141221 05:28:47.950  312 evnt  1214 eventlog::report         eventid:8001 parameter3:the parameter incorrect.

20141221 05:28:47.950  312 migm   738 [error] main error:

+       [error:87(0x57) process main.cpp:602 312 w parameter incorrect.]

+       [error:87(0x57) migration::sysvolmigration::createglobaladobjects migration.cpp:4251 312 w parameter incorrect.]

+       [error:87(0x57) config::adwriter::createsysvolmigrationglobalobjects adwriter.cpp:1748 312 w parameter incorrect.]

+       [error:87(0x57) config::adwriter::createsysvolglobalobjects adwriter.cpp:336 312 w parameter incorrect.]

+       [error:87(0x57) config::adobjecteditor::addobject ad.cpp:2861 312 w parameter incorrect.]

+       [error:16(0x10) config::adobjecteditor::addobject ad.cpp:2861 312 l no such attribute]

<cr>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++</cr>

<cr>the dfs migration failure event registered in event viewer follow:</cr>

it seems error caused dfsrmig not being able create "cn=dfsr-globalsettings,cn=system,dc=domain,dc=com" object; not sure why though.

comparing acl of "cn=system,dc=domain,dc=com" object other ad installations looks legit.

we have done frs dfs migrations on mixedad2008 , nativead2012 domains succesfully. our first time migrating on nativead2012r2 domain.

any pointers appreciated...

hi guys, sorry not being able reply earlier. it's been joyride of troubleshooting. fortunately, great report our issue has been resolved.

starting @ error dfsrmig unable create object "cn=dfsr-globalsettings,cn=system,dc=domain,dc=com", using adsi, verified @ our *other* working active directory installations have succesfully migrated syvol frs dfs object "cn=dfsr-globalsettings,cn=system,dc=xxx" indeed exists objectclass of msdfsr-globalsettings.

we looked @ our own cn=schema,cn=configuration,dc=domain,dc=com see if msdfsr-globalsettings objectclass exists. on *other* forest, actual objectclass object cn=ms-dfsr-globalsettings,cn=schema,cn=configuration,dc=xxx while admindisplayname attribute msdfsr-globalsettings.

although objectversion attribute our forest's schema correct @ 69 (for windows server 2012 r2), not msdfsr-globalsetting did not exist, whole bunch of other ms-dfsr-x objects missing in schema ???

looking @ ldif files came windows server 2012 r2's adprep, ms-dfsr-globalsetting class should added during schema extension when schema version < 37; somewhere between additions of 2003 r2 , 2008 domain controllers forest.

its funny how adprep process until recent addition of 2012 r2 domain controllers never thrown hiss eventhough objectclasses missing schema. far recent addition of our 2012 r2 domain controllers, dcpromo process went smooth & error-less.

anyway, knew had somehow add missing objectclass (at minimum dfsr classes) migrate sysvol , far knew, adprep one-time process. have never tried to re-run adprep process before.

we assumed adprep /forestprep checks objectversion attribute value of cn=schema,cn=configuration,dc=xxx (possibly on schema fsmo). if value current (69 2012 r2 in our case) refuses run again.

we changed objectversion value 69 (2012 r2) 31 (2003 r2), ran "repadmin/syncall" , tried re-running 2012 r2's adprep /forestprep command. adprep process detected detected version (31) , proceeded import ldif files beginning sch32.ldf until sch69.ldf.

once done, reloaded , refreshed schema. wow !!! ms-dfsr-globalsettings , other missing classes available !!!

for completion sake, decided re-run /domainprep process well. proceeded change revision attribute value cn=activedirectoryupdate,cn=domainupdates,cn=system,dc=xxx (under default naming context) 10 (2012 r2) 3 (2008). after repadmin /syncall completed, re-ran adprep /domainprep , proceeded re-run process without errors.

we ran through dfsrmig processes state=1 until state=3 succesfully. sysvol have been migrated frs dfs succesfully.

schema/revision versions, refer to: how query active directory determine schema version

Windows Server  >  Directory Services