rendom fails on /execute with error 8333

Question

rendom fails on /execute with error 8333

I am trying to rename a 2-DC 2012 R2 single domain with rendom. I do the /list, edit xml and /prepare which work OK. But when I do /execute it fails on both DCs.

There is a suspicious entry near the start (line 11). The domain (anonymised) is XXXXhome. I had a tinker in the 2008 days with connecting to XXXXschool domain, but never got very far and had forgotten all about it. I can see no sign of it in AD domains/trusts or anywhere I can think of. Here's the start of SCRIPTLOG.LOG. Same on both DCs.

03/25 10:33:23 [INFO] PrepareScript: Entering
03/25 10:33:23 [INFO] XML Parse result code: 0x00000000
03/25 10:33:23 [INFO] Syntax Validate Processing: 0x00000000 retCode:0(0x0) ErrorMessage((null))
03/25 10:33:23 [INFO] InstanceType Check. ObjectGUID: 2d6f0e48-5fb4-490b-a544173962b67823
03/25 10:33:23 [INFO] InstanceType Check WRITE (NULL)=TRUE  Result: 0(0x0)
03/25 10:33:23 [INFO] Compare Check. ObjectGUID: e385cce1-e209-4198-8e48656ef24777ba
03/25 10:33:23 [INFO] Compare Check (CN=NTDS Settings,CN=KAKA,CN=Servers,CN=Home,CN=Sites,CN=Configuration,DC=XXXXhome,DC=d2g,DC=com)  Attr(msDS-ReplicationEpoch)?=(1) = (FALSE) Error: No Error.
03/25 10:33:23 [INFO] InstanceType Check. ObjectGUID: a514df7c-59b8-4a6b-b8ec66e99a3e2377
03/25 10:33:23 [INFO] InstanceType Check WRITE (NULL)=TRUE  Result: 0(0x0)
03/25 10:33:23 [INFO] Compare Check. ObjectGUID: a514df7c-59b8-4a6b-b8ec66e99a3e2377
03/25 10:33:23 [INFO] Compare Check (NULL)  Attr(NcName)?=(CN=XXXXschool,DC=XXXXschool,DC=d2g,DC=com) = (TRUE) Error: No Error.
03/25 10:33:23 [INFO] InstanceType Check. ObjectGUID: 0f477103-31ac-47eb-9578e663ed4226f3
03/25 10:33:23 [INFO] InstanceType Check WRITE (NULL)=TRUE  Result: 0(0x0)
03/25 10:33:23 [INFO] Compare Check. ObjectGUID: 0f477103-31ac-47eb-9578e663ed4226f3
03/25 10:33:23 [INFO] Compare Check (NULL)  Attr(NcName)?=(DC=ForestDnsZones,DC=XXXXhome,DC=d2g,DC=com) = (TRUE) Error: No Error.

and at the failure point:

03/25 10:41:00 [INFO] Move Source (DC=57f551a5-bced-4c98-9620-8cb2bf47689a,DC=INVALID)
03/25 10:41:00 [INFO] Move Dest (DC=XXXXschool,DC=d2g,DC=com)
03/25 10:41:00 [INFO] Move Result 8333(Invalid error code of 8333
)
03/25 10:41:00 [ERROR] Script process error(0x208d) Invalid error code of 8333
03/25 10:41:00 [INFO] Execute Processing(RW): 0x0000208D retCode:8333(0x208d) ErrorMessage((null))
03/25 10:41:00 [ERROR] Error Invalid error code of 8333
 execuring script
03/25 10:41:00 [ERROR] Script process error(0x208d) DSID (0x11e0d1a) Data(0x0)
03/25 10:41:00 [INFO] ExecuteScript: Exiting: 0x208d
03/25 10:41:06 [INFO] +++++++++++ Start Of Log Session ++++++++++++++++
03/25 10:41:06 [INFO] Shutting Down System

Not sure what to do next. I've got ADSI Edit and Softerra LDAP but not sure how to look for the DC=XXXXschool entry which looks relevant to the problem.

Edit: Tried DSQUERY * DC=XXXXschool and it says "failed: a referral was returned from the server" which is hardly surprising as it doesn't exist. How do I kill the reference?

active-directory

domain-controller

asked on Server Fault Mar 24, 2021 by

Ken Maynard • edited Mar 25, 2021 by

Ken Maynard

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0