Archive for March, 2010

Upgrading Windows Server 2000 to Server 2003 forestprep error

Sunday, March 14th, 2010

I was working on an upgrade of a Windows Server 2000 Active Directory to Windows Server 2003 and encountered a problem when upgrading the schema version. After all preparations were made I ran the adprep /forestprep command and got the following output:

=============================================================================
“attributeId” attribute value for objects defined in Windows 2000 schema and extended schema do not match.

A previous schema extension has defined the attribute value as “1.2.840.114050.1.1.1.1.90” for object “CN=preferredLanguage,CN=Schema,CN=Configuration,DC=Contoso,DC=com” differently than the schema extension needed for Windows 2003 server .
[Status/Consequence]
Adprep cannot extend your existing schema
[User Action]
Contact the vendor of the application that previously extended the schema to resolve the inconsistency. Then run adprep again.

 =============================================================================
“isSingleValued” attribute value for objects defined in Windows 2000 schema and extended schema do not match.

A previous schema extension has defined the attribute value as “FALSE” for object “CN=preferredLanguage,CN=Schema,CN=Configuration,DC=contoso,DC=com” differently than the schema extension needed for Windows 2003 server .
[Status/Consequence]
Adprep cannot extend your existing schema
[User Action]
Contact the vendor of the application that previously extended the schema to resolve the inconsistency. Then run adprep again.

==============================================================================

I opened up a PSS Support call because I am always careful with schema issues. Better be safe than sorry. Microsoft suggested running the renameattribute.exe included in the hotfix explained in KB293783. The KB is referring to “Unix services for windows” which caused the problem. The renameattribute did not solve the problem.

After a talk with the sysadmin who had been working with the company the longest, he remembered that years ago there was an issue when the COGNOS application was implemented. He remembered that they did a schema extension on the AD. Because there were a lot of problems with the AD integration, the AD integration was cancelled.

The Attribute PreferredLanguage was implemented by COGNOS with the wrong OID. After checking in the AD that the attribute was not used by any user object, I renamed the ldapdisplayname, admindisplayname and the RDN of the attribute preferredlanguage to COGNOSpreferredlanguage. After the change the forestprep worked without any errors!

I have been using the ADExplorer tool from Sysinternals and I liked it very much. It is way better than working with ldp.exe from MS.

Please be very careful when making changes to the Active Directory Schema! Making changes in the schema is always at your own risk!!
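
The two checks described in this post (how the conflicting attribute is defined, and whether any object actually uses it), as an added read-only example that is not part of the original post. It assumes the ActiveDirectory PowerShell module and a domain controller running Active Directory Web Services, which a Windows 2000 DC does not offer; there the same LDAP filters can be run in ADExplorer or ldp.exe.

```powershell
# Added example: read-only checks before renaming a conflicting schema attribute.
# Assumptions: ActiveDirectory module (RSAT) and a DC reachable over AD Web Services.
Import-Module ActiveDirectory

$attrName = 'preferredLanguage'   # lDAPDisplayName named in the adprep error above
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. Current definition of the attribute, to compare with the values adprep reports.
$props = 'lDAPDisplayName', 'adminDisplayName', 'attributeID', 'isSingleValued', 'whenCreated'
$attr  = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$attrName)" -Properties $props
if (-not $attr) { throw "No schema attribute named '$attrName' found in $schemaNC" }
$attr | Format-List (@('DistinguishedName') + $props)

# 2. Schema classes that list the attribute; anything found here may depend on it.
$classFilter = "(&(objectClass=classSchema)(|(mayContain=$attrName)(mustContain=$attrName)" +
               "(systemMayContain=$attrName)(systemMustContain=$attrName)))"
$classes = @(Get-ADObject -SearchBase $schemaNC -LDAPFilter $classFilter -Properties lDAPDisplayName)
Write-Host ("Referenced by classes: " + ($classes.lDAPDisplayName -join ', '))

# 3. Objects of any class that hold a value, checked in every domain of the forest.
$usage = foreach ($domain in (Get-ADForest).Domains) {
    $hits = @(Get-ADObject -Server $domain -LDAPFilter "($attrName=*)")
    [pscustomobject]@{
        Domain           = $domain
        ObjectsWithValue = $hits.Count
        Sample           = ($hits | Select-Object -First 5).DistinguishedName -join '; '
    }
}
$usage | Format-Table -AutoSize -Wrap

# 4. Verdict: only an attribute with no values and no class references is unused.
$total = ($usage | Measure-Object -Property ObjectsWithValue -Sum).Sum
if ($total -gt 0 -or $classes.Count -gt 0) {
    Write-Warning "$attrName is referenced ($total objects, $($classes.Count) classes); do not rename it yet."
} else {
    Write-Host "$attrName has no values and no class references in this forest."
}
```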

ServicePrincipalName (SPN) and SQL 2008 Failover Cluster

Wednesday, March 3rd, 2010

When installing a SQL 2008 Server Failover Cluster it is necessary to create SPN’s for the SQL Server Service Account. One way to accomplish this is to tweak the Service User Account used for running the SQL Server. The permissions of the Service Account can be adjusted to allow it to create and remove SPN’s.

Use ADSI Edit (included in Server 2008) and connect to the Default Naming Context.
Locate the Service Account and open the Security tab.
Select SELF in the Group or user names window and check the Allow box for “Write public information”.

SELF permissions


After making the change restart the SQL Server service. The Service Account will register the SPN automatically.

To check if the SPN’s are registered correctly, open a command prompt and run:
setspn -L Serviceaccount (e.g. SA_SQL2008_01)

The output should look like:
Registered ServicePrincipal Names for CN=SA_SQL2008_01, OU=Service Accounts, DC=Contoso, DC=com

MSSQLSvc/FQDN:1433

Works like a charm.