I'm am using the instructions here to upgrade my Windows Server 2012 AD Controller to Windows Server 2019. This server is a isolated AD controller that has no other server/clients connected to it in any way.
When I run the following on this server:
./adprep.exe /forestprep /forest Dev
I am presented with the following error:
Adprep could not contact the Schema FSMO STORMDEMO.DEV.EBM.COM. The
Schema FSMO must be reachable for this operation to proceed.
[Status/Consequence] The Active Directory Domain Services schema is
not upgraded. [User Action] Check the log file ADPrep.log in the
C:\Windows\debug\adprep\logs\20220119160049 directory for possible
cause of failure .
Adprep encountered a Win32 error. Error code: 0x2095 Error message: A
directory service error has occurred.
Adprep was unable to check the specified user's group membership.
[Status/Consequence] Adprep has stopped without making changes. [User
Action] Verify the specified user is a member of Enterprise Admins
group and Schema Admins group if /forestprep is specified, or is a
member of Domain Admins group if /domainprep is specified, or is a
member of Enterprise Admins group if /rodcprep is specified .
Adprep encountered a Win32 error. Error code: 0x2095 Error message: A
directory service error has occurred.
This error is preventing me with proceeding with my windows upgrade process. I've checked my user account running this and attempted to run it with a elevated and under the "Administrator" account but am always presented with the same error message. My user account and the "Administrator" user account are members of the mentioned groups above.
Googling the specific error message(0x2095 Error message: A directory service error has occurred.) only leads me to vague posts related to other operations without clear solutions.
Does anyone understand what causes this issue, and/or have a resolution to this issue?
Update 1
Both answers we're useful, I followed the suggestions and figured out that there was some confusion around the FSMO roles, the server name is "EBM-TFS" and when I ran "netdom query FSMO" I got the following:
Schema master STORMDEMO.DEV.EBM.COM
Domain naming master STORMDEMO.DEV.EBM.COM
PDC EBM-TFS.DEV.EBM.COM
RID pool manager EBM-TFS.DEV.EBM.COM
Infrastructure master EBM-TFS.DEV.EBM.COM
I was able to seize the "Schema Master" role using powershell(First I run Ntdsutil, which fails, then I run Move-ADDirectoryServerOperationMasterRole -Identity "EBM-TFS" -OperationMasterRole schemaMaster), however I wasn't able to seize the "Domain naming master" role with either that or "ntdsutil":
Move-ADDirectoryServerOperationMasterRole : The directory service is
unavailable At line:1 char:1
- Move-ADDirectoryServerOperationMasterRole -Identity "EBM-TFS" -OperationMasterRo ...
ntdsutil:
fsmo maintenance: transfer naming master ldap_modify_sW error 0x34(52
(Unavailable). Ldap extended error message is 000020AF: SvcErr:
DSID-0321041F, problem 5002 (UN AVAILABLE), data -2146893022
Win32 error returned is 0x20af(The requested FSMO operation failed.
The current FSMO holder could not be contacted.) )
Didn't matter though as I was able to run suggestion three(Rerun adprep /forestprep without /forest Dev) by @joeqwerty and this was successful, and I was able to proceed with the windows upgrade process.
