One Simple List

This and that from here and there

Archive for the ‘Active Directory’ Category

Mar-2-2008

Windows Server 2008 Restartable AD DS

With Windows Server 2008, Active Directory Domain Services can be stopped to perform tasks such as offline defragmentation or applying updates. While AD DS is stopped, other domain controllers can service requests. This is an improvement over Windows 2000 and Windows 2003 Active Directory where you have to restart the domain controller Directory Services Restore Mode to perform the same tasks.

To stop and restart AD DS

1. Click Start -> Administrative Tools ->Computer Management.

2. Double-click Services and Applications, and then click Services.

3. To stop AD DS, in the details pane, right-click Active Directory Domain Services, and then click Stop.

4. In Stop Other Services, review the list of dependent services that will also stop when you stop AD DS, and then click Yes.

5. Right-click Active Directory Domain Services again, and then click Start.

Dependent services start before AD DS starts.

Posted under Active Directory, Windows Server 2008
2 comments
Feb-28-2008

Access Denied when Trying to Seize Schema Master

Recently when trying to seize the schema master role I got an error indicating that access was denied.  I was logged in as the domain administrator and I was a member of the Schema Admin group.  Prior to trying the seize the schema master role, I was able to sucessfully seize the other four roles.

The following error was received:

fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0×32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-03151D7D, problem 4003 (IN
SUFF_ACCESS_RIGHTS), data 0

Win32 error returned is 0×2098(Insufficient access rights to perform the operation.))
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure …
ldap_modify of SD failed with 0×32(50 (Insufficient Rights).
Ldap extended error message is 00000005: SecErr: DSID-03151E04, problem 4003 (IN
SUFF_ACCESS_RIGHTS), data 0

Win32 error returned is 0×5(Access is denied.)
)

 To resolve the issue, I simply logged out, logged back in again and when I ran the commond to seize the role, it suceeded.

Posted under Active Directory
2 comments