将单个域控制器服务器从 2008R2 升级到服务器 2019

我们有一个客户端，其 Active Directory 环境在 Windows Server 2008 R2 上非常老旧。我们将用新服务器替换它，并希望升级现有服务器以保留所有权限和配置文件。我们意识到我们需要分几个步骤完成此操作。我们创建了一个 Hyper-V 服务器来测试升级。在首次尝试升级到 2012 R2 期间，我们收到一条错误消息，提示需要运行 Forestprep 和 Domainprep。Forestprep 已成功完成，但 Domainprep 在复制方面存在问题。很久以前有另一台服务器，但在我们获得客户端之前它已退役，因此我们无法访问它。我能够手动删除站点和服务中的旧服务器以有效禁用复制。现在，我在 Active Directory 域服务中创建 CN=TPM 设备、DC=CVV、DC=local 时收到权限错误。请参阅以下日志摘录：

[Status/Consequence]

The operation has not run or is not currently running. It will be run next.
[2024/02/13:16:51:53.609]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is CN=TPM Devices,DC=CVV,DC=local.
[2024/02/13:16:51:53.610]
LDAP API ldap_add_s() finished, return code is 0x10 
[2024/02/13:16:51:53.617]
Adprep was unable to create the object CN=TPM Devices,DC=CVV,DC=local in Active Directory Domain Services.

[Status/Consequence]

This Adprep operation failed.

[User Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240213165153 directory for more information. Restart Adprep.
[2024/02/13:16:51:53.621]
Adprep encountered an LDAP error. 

Error code: 0x10. Server extended error code: 0x57, Server error message: 00000057: LdapErr: DSID-0C090CB7, comment: Error in attribute conversion operation, data 0, v1db1


DSID Info:
DSID: 0x1811100d
ldap error = 0x10
NT BUILD: 9600
NT BUILD: 16384

[2024/02/13:16:51:53.628]
Adprep was unable to update domain information. 

[Status/Consequence]

Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20240213165153 directory for more information. 

D:\support\adprep>netdom query fsmo
Schema master               Culinary01.CVV.local
Domain naming master        Culinary01.CVV.local
PDC                         Culinary01.CVV.local
RID pool manager            Culinary01.CVV.local
Infrastructure master       Culinary01.CVV.local
The command completed successfully.

我使用提升的命令提示符运行了 adprep /domainprep，该提示符以属于域管理员和企业管理员的管理员帐户登录。有人知道如何修复此错误吗？

joeqwerty 请求的附加命令结果：

PS C:\Users\cvvadmin> echo $host
Name             : ConsoleHost
Version          : 3.0
InstanceId       : 9b5b8e7f-85bd-40c3-ba0b-b32a0f87f133
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : en-US
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace

PS C:\Users\cvvadmin> Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
DistinguishedName : CN=Schema,CN=Configuration,DC=CVV,DC=local
Name              : Schema
ObjectClass       : dMD
ObjectGUID        : f91149b0-619b-4ee8-90f1-3aa164846200
objectVersion     : 69

PS C:\Users\cvvadmin> Get-ADForest | fl Name,ForestMode
Name       : CVV.local
ForestMode : Windows2000Forest

PS C:\Users\cvvadmin> Get-ADDomain | fl Name,DomainMode
Name       : CVV
DomainMode : Windows2000Domain

PS 输出和 domainprep 日志：

PS C:\Users\cvvadmin> Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion
DistinguishedName : CN=Schema,CN=Configuration,DC=CVV,DC=local
Name              : Schema
ObjectClass       : dMD
ObjectGUID        : f91149b0-619b-4ee8-90f1-3aa164846200
objectVersion     : 69

PS C:\Users\cvvadmin> Get-ADForest | fl Name,ForestMode
Name       : CVV.local
ForestMode : Windows2008R2Forest

PS C:\Users\cvvadmin> Get-ADDomain | fl Name,DomainMode
Name       : CVV
DomainMode : Windows2008R2Domain

PS C:\Users\cvvadmin> Dfsrmig /getmigrationstate
Unable to create DFSR Migration log file. Error 1307
All Domain Controllers have migrated successfully to Global state ('Eliminated').
Migration has reached a consistent state on all Domain Controllers.
Succeeded.

Domainprep log:

[Status/Consequence]

The operation has not run or is not currently running. It will be run next.
[2024/02/14:13:29:33.022]
Adprep was about to call the following LDAP API. ldap_add_s(). The entry to add is CN=TPM Devices,DC=CVV,DC=local.
[2024/02/14:13:29:33.025]
LDAP API ldap_add_s() finished, return code is 0x10 
[2024/02/14:13:29:33.033]
Adprep was unable to create the object CN=TPM Devices,DC=CVV,DC=local in Active Directory Domain Services.

[Status/Consequence]

This Adprep operation failed.

[User Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240214132932 directory for more information. Restart Adprep.
[2024/02/14:13:29:33.039]
Adprep encountered an LDAP error. 

Error code: 0x10. Server extended error code: 0x57, Server error message: 00000057: LdapErr: DSID-0C090CB7, comment: Error in attribute conversion operation, data 0, v1db1


DSID Info:
DSID: 0x1811100d
ldap error = 0x10
NT BUILD: 9600
NT BUILD: 16384

[2024/02/14:13:29:33.048]
Adprep was unable to update domain information. 

[Status/Consequence]

Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.

[User Action]

Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20240214132932 directory for more information.