FIX: Error message when you try to prepare the Active Directory directory service for Windows Server 2003 R2: "Attribute value for objects defined in Windows 2000 schema and extended schema do not match"
When you try to prepare the Active Directory directory service for Microsoft Windows Server 2003 R2, you receive error messages that resemble the following:
Error message 1
- "attributeId" attribute value for objects defined in Windows 2000 schema and extended schema do not match.
Error message 2
- "attributeSyntax" attribute value for objects defined in Windows 2000 schema and extended schema do not match.
Error message 3
- "isSingleValued" attribute value for objects defined in Windows 2000 schema and extended schema do not match.
Error message 4
- "governsId" attribute value for objects defined in Windows 2000 schema and extended schema do not match.
You experience this problem if the following conditions are true:
You run the adprep /forestprep command from the Windows Server 2003 R2 media. You do this to prepare a Windows Server 2003 forest for Windows Server 2003 R2 or to prepare a Microsoft Windows 2000 forest for Windows Server 2003 R2.
Microsoft Windows Services for UNIX 2.0 is installed in the Windows Server 2003 forest or in the Windows 2000 forest.
This problem occurs because a conflict exists between the common names (CNs) of certain Windows Server 2003 R2 schema extensions and certain Windows Services for UNIX 2.0 schema extensions. This conflict affects the following schema attributes:
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
No prerequisites are required to apply this hotfix.
You do not have to restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Hotfix installation information
This hotfix contains a schema update to rename the earlier schema attributes. This action lets you update Active Directory for Windows Server 2003 R2. To apply this hotfix, follow these steps:
Extract the two files from this hotfix package to a folder on one of the following computers:
The Windows Server 2003-based computer on which Windows Services for UNIX 2.0 is installed
The Windows 2000-based server on which Services for UNIX 2.0 is installed
Note The following two files are included in this hotfix:
The Schema Tool (Idmschupg.exe) renames attributes from the earlier schema based on the specifications in the LDF file (Schupgrade.ldf).
Run the Schema Tool (Idmschupg.exe) to make the appropriate changes to the schema.
Note You must run this from the command-line window. After you have extracted the files, open a command prompt, and change the directory to the location where you extracted the two files. For example, the two files may be extracted to the following location:
Then, run the tool. When you are prompted to enter C, type C. This is case-sensitive. If you type a lowercase c, the tool will close without running.
Note You must run this tool on a Windows Server 2003-based computer that has Windows Services for UNIX 2.0 installed or on a Windows 2000-based computer that has Windows Services for UNIX 2.0 installed. You must run this tool before you prepare Active Directory for Windows Server 2003 R2.
This tool converts the CN to the new schema specifications. This conversion enables Active Directory to prepare for the upgrade to Windows Server 2003 R2.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Any applications or scripts that try to read the value of the attributes that are mentioned in the "Cause" section may now not get the information that is stored in them because the attributes that stored the information have been renamed to have a prefix of MSSFU2x-. All such applications and scripts should be modified to query the attributes with their new names, or the information that is stored in the respective attributes should be migrated to the corresponding new RFC2307-compliant attributes to maintain the compatibility.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86), Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86), Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86), Microsoft Windows Server 2003 R2 Datacenter x64 Edition, Microsoft Windows Server 2003 R2 Enterprise x64 Edition, Microsoft Windows Server 2003 R2 Standard x64 Edition