
ADSchemaSetup.exe error

admin_2
Level 3

I am getting the following in the ldif.log when trying to run the Schema updates:

--snip--
1: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com
Entry DN: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com
change: add
Attribute 0) adminDescription:ms-Exch-Recorded-Name
Attribute 1) adminDisplayName:ms-Exch-Recorded-Name
Attribute 2) attributeID:1.2.840.113556.1.4.7000.102.17016
Attribute 3) attributeSyntax:2.5.5.12
Attribute 4) isMemberOfPartialAttributeSet:TRUE
Attribute 5) isSingleValued:FALSE
Attribute 6) lDAPDisplayName:msExchRecordedName
Attribute 7) name:ms-Exch-Recorded-Name
Attribute 8) oMSyntax:64
Attribute 9) objectCategory:CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=hmnbank,DC=com
Attribute 10) objectClass:attributeSchema
Attribute 11) searchFlags:0
Attribute 12) partialAttributeSet:TRUE

Add error on line 37: Busy
The server side error is "The role owner attribute could not be read."
0 entries modified successfully.
An error has occurred in the program
--snip--

Here's the ldif.err:

--snip--
1: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com
Entry DN: CN=ms-Exch-Recorded-Name,CN=Schema,CN=Configuration,DC=hmnbank,DC=com
change: add
Attribute 0) adminDescription:ms-Exch-Recorded-Name
Attribute 1) adminDisplayName:ms-Exch-Recorded-Name
Attribute 2) attributeID:1.2.840.113556.1.4.7000.102.17016
Attribute 3) attributeSyntax:2.5.5.12
Attribute 4) isMemberOfPartialAttributeSet:TRUE
Attribute 5) isSingleValued:FALSE
Attribute 6) lDAPDisplayName:msExchRecordedName
Attribute 7) name:ms-Exch-Recorded-Name
Attribute 8) oMSyntax:64
Attribute 9) objectCategory:CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=hmnbank,DC=com
Attribute 10) objectClass:attributeSchema
Attribute 11) searchFlags:0
Attribute 12) partialAttributeSet:TRUE

Add error on line 37: Busy
The server side error is "The role owner attribute could not be read."
An error has occurred in the program
--snip--

Any ideas what the problem is?

There are users in OUs other than and including the Users OU. Could that be affecting it?

Thanks.

11 Replies

cgulley
Level 1

Try the following:

1) Be sure the account under which you are running adschemasetup.exe is a member of the Schema Admins group
2) Run adschemasetup.exe on the DC which is the schema master (usually the first DC in the forest, but you can use ntdsutil to see for sure which one it is--there are some MSDN articles that tell how to do it)

Not applicable

I am installing on the only DC in the network, and I am using the account which was used to install AD initially, which has all the necessary permissions. I worked with TAC for 3 hours and we have narrowed it to an Active Directory thing and they are sending me to Micro$oft.

I tried running ADSI Edit to manually extend the schema and that failed with the same "The role owner attribute could not be read" error as appears in the ldif.log file when I run the ADSchemaSetup.

After that failed I went searching and found the ldifde.exe utility and tried processing the ldif script with: ldifde.exe -i -l av(I don't have the filename).ldf

And that failed with an error of:

Add error on line 37: Invalid DN Syntax
The server side error is "The object name has bad syntax."
0 entries modified successfully.
An error has occurred in the program

Anyone?

Were there ever any other DCs in the forest? If so, you could try the following MSDN articles:

Q234790 - HOW TO: How to Find FSMO Role Holders (Servers)
Q255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller

They explain how to determine which DC is the schema master and how to force a DC server to become a schema master.

If this DC is the only DC that has ever existed in the forest, though, it is unlikely that the articles above will help much. If that is the case, I don't have any ideas on why it might not be working.

Not applicable

This is the only DC in the domain and there is only one forest. All schema roles are on the one server. I can edit schema attributes using ADSI edit, but not add any new extensions to the schema. Am I the only one who has run into this?

You can always take our LDIF file and try to extend the schema with the LDIFDE utility that comes with Windows 2000. If that tool can't do it I am pretty sure you have an AD problem and you would need to get MSFT involved.

Keith

Keith Chambers
Unity Technical Lead
Unified Voice Team, San Jose
Cisco Systems

Not applicable

I tried the ldifde utility and that did not do it, that gave an error of:

Add error on line 37: Invalid DN Syntax
The server side error is "The object name has bad syntax."
0 entries modified successfully.
An error has occurred in the program

I am certain this is a Microsoft issue, but I have been over permissions many times and all appears to be in place.

Any thoughts on the fact that I can use ADSI Edit to modify other schema values, but not add any new ones?

Assuming this is your corp AD and you have already run /forestprep for Exchange 2000 I would give MSFT a ring. Changes to the AD schema are permanent so you really don't want to mess anything up. :(

Keith

Keith Chambers
Unity Technical Lead
Unified Voice Team, San Jose
Cisco Systems

Not applicable

I am using the values straight out of the .LDF script from the Unity CD images, so I'm confident that nothing will get messed up. TAC is recommending I "upgrade" to 3.1.3. That seems bogus to me because the schema extensions have nothing to do with Unity version in how they are written to the schema.
The customer has no M$FT support so at $300 a pop to install a Cisco product, they are obviously balking. This is an existing Ex2k and AD domain we are bringing Unity into. The customer understands this is probably a M$FT issue but they also know there are other VMs out there that do not need an AD Schema extension to run.

I agree that an upgrade to 3.1.3 would be futile.

Have you tried running ldifde again with the correct -c option? The first error you posted from ldifde was because of the wrong command line options, not because of whatever is going on with AD.

Not applicable

Just as a note, I did manage to get this resolved... and yes, I tried the -c option with the same "role owner" error as the rest of the attempts I made.

Here is what I did to get this to go, and I still don't quite get it.

In the course of troubleshooting I installed the MS Support Pack, which includes the Active Directory GUI tool. I had gone through that tool to verify that I could connect, browse, etc. using LDAP. (By the way, I also used ntdsutil, ADSI Edit, and a bunch of other tools to verify AD and LDAP connections.) My normal process was to check the access with a given utility, close the util, then try to run the update again. The last time, however, I left my connection open, ran the SchemaUpdate and it flew through like there had never been an issue in the first place.

Exceptionally weird behavior.

I ran this by someone else here and he had the following comment about the ldifde error:

Note that his ldifde script is failing because he needs to specify -c to replace the in the script with the actual dn to his/her schema container (cn=schema,cn=configuration,dc=xyz,dc=com).
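
The checks suggested in the replies above (Schema Admins membership, running on the schema master, and the `-c` option for ldifde), gathered into one read-only pre-flight script. This is an added example, not code from the thread or from Cisco. It assumes PowerShell 3 or later on the domain controller; the two values in angle brackets are placeholders, because the thread gives neither the script's file name nor the DN constant it contains.

```powershell
# Added example (not from the thread): read-only checks before a schema extension.
# Run it on the DC where the schema update will be applied. Nothing here writes to AD.

# 1) Does the current logon token carry Schema Admins?
#    Schema Admins has the well-known RID 518 in the forest root domain.
$groups = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
$isSchemaAdmin = [bool]($groups | Where-Object { $_.Value -match '^S-1-5-21-.*-518$' })

# 2) Read the role owner attribute (fSMORoleOwner) on the schema container and
#    compare it with this DC's own NTDS Settings object (RootDSE dsServiceName).
$rootDse   = [ADSI]'LDAP://RootDSE'
$schemaNC  = [string]$rootDse.schemaNamingContext
$localDsa  = [string]$rootDse.dsServiceName
$roleOwner = [string]([ADSI]"LDAP://$schemaNC").fSMORoleOwner

if (-not $roleOwner) {
    # Same condition the server reported in ldif.log
    $roleState = 'fSMORoleOwner is empty or could not be read'
} elseif ($roleOwner -eq $localDsa) {
    $roleState = 'this DC holds the schema master role'
} else {
    $roleState = "schema master role is held elsewhere: $roleOwner"
}

# 3) Build (do not run) the ldifde import. -c rewrites a DN constant in the script
#    to the real schema container. Both angle-bracket values are PLACEHOLDERS.
$ldifdeCmd = 'ldifde -i -f "<SCHEMA_SCRIPT>.ldf" -c "<DN_CONSTANT_IN_SCRIPT>" "{0}"' -f $schemaNC

[pscustomobject]@{
    User            = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    InSchemaAdmins  = $isSchemaAdmin
    SchemaContainer = $schemaNC
    RoleOwner       = $roleOwner
    RoleState       = $roleState
    LdifdeCommand   = $ldifdeCmd
} | Format-List
```

Group membership added after logon does not appear in the token until the account logs on again, so a `False` for `InSchemaAdmins` right after a group change calls for a fresh logon before rerunning the check.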

