Subject: IIS7 on Server 2008 Domain Controller

Steven Cools wrote (Oct 30, 3:38 am):

hello,

I added a new 2008 server to my 2000 domain (with 2000 and 2003 DC's) and made it a DC. Then I wanted to install WSUS 3 on this new 2008 DC. Therefore I installed SQL 2005 and IIS 7. I now have the -known- problem that the IUSR_ accounts are not registering in AD. The solution would be to run a .js script (http://support.microsoft.com/kb/946139).

BUT, when running this script (SamUpgradeTask.js) on my 2008 DC I get the following error: "the directory property cannot be found in the cache" on line 52.

Anyone any ideas?

cheers,
Steven.

David Wang wrote:

You should contact Microsoft PSS regarding support for the KB article. That way, if there is a problem in the script, Microsoft knows to fix it, and it helps everyone out, instead of just you if we resolve it here.

For the most part, the problems are because you have older DCs and thus constrain IIS7 to have the same problems installing on DCs as prior versions. If/When you migrate forward, these issues go away.

IIS7 uses an IUSR account built in to Windows Server 2008, which means that all those issues with password expiration, accidental denial of the anonymous auth user of IIS, user/ACL synchronization across multiple machines, etc. are no longer possible -- but with an old DC, all those issues remain in addition to the new issues mentioned in the KB.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Steven Cools wrote (Nov 3, 5:11 am):

Since the script resulted in an error (and I thought it would've been well tested by MS) I tried the following:

I transferred all the FSMO roles from the old 2K DC to the new 2K8 DC, uninstalled SQL 2005, removed the IIS role and added it again after rebooting. I now have the group IIS_IUSRS but it's empty (no IUSR_ account) and when running the script I now get a different error: "domain is already operating in a mode higher than Windows Server 2003 mode. Stopping script execution"

I checked my domain functional level and it is still "Windows 2000 native".

Any ideas?

S.

PS: David, since the script is already from December 2007 I assume the TechNet forums are a right place for questions/problems like these, no?

Steven Cools wrote:

I transferred the FSMO roles to a 2K3 DC and ran the script and got dialog boxes "running upgrade task" and "done!" Alas, no IUSR_ user accounts.

David Wang wrote:

Actually, scripts/binaries of KB articles are usually the least tested code from Microsoft. KB articles, associated hotfixes, and accompanying scripts tend to be HIGHLY focused on getting a fix out FAST and CORRECT to the customer, with comprehensive applicability being sacrificed. That's not to say the work is quick and trashy -- there is effort to make sure it works and is supportable, but it may not account for all possible situations in the world.

Yes, one can discuss the script in TechNet Forums, but that tends to only help yourself and no one else. Without reporting failures to Microsoft, you simply condemn other users to follow the same path as you -- which ultimately means that you are actually misusing people's time discussing the issue in a forum because it does not address the root issue. Sure, it gets you fixed and on your way, but what about the thousands following you? You may not care because it doesn't affect you, but it affects those of us that answer questions. This is why I recommend doing the right thing for yourself and others the first time so that you get your situation resolved and it helps everyone else out. It's a win-win for everyone, vs just a win for you and a loss for everyone else.

IIS7 no longer creates/uses any IUSR_user account for anonymous access. It is using a built-in IUSR user of Windows Server 2008 by default. This is why using an older DC condemns you to seeing no improvements.

As for domain functional level -- the script detected Windows Server 2008, which clearly conflicts with what you are seeing. Yet another reason to contact support to look at the script.

//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Reply (unsigned, in reply to David Wang):

You are not alone - I have the identical result and problem. Reinstalling the Web Services role has no effect either.

Clifford Gindulis wrote:

I can't recommend doing this but I did find a way to work around it.

What worked for me, but may completely corrupt your server, was to REM out the PDC functionality level check. Here is how it looks now:

    // Check whether the PDC is a legacy domain or not.
    // var domainControllerFunctionality =
    pdcRootDse.Get("domainControllerFunctionality");

    //if ( domainControllerFunctionality > 2 )
    //{
    //    WScript.Echo("Domain is already operating in a mode higher than Windows Server 2003 mode. Stopping script execution.");
    //    WScript.Quit(0);
    //}

I suspect this problem is related to the DNS root partition error that I had. That was fixed by moving the Operations Master role off of the 2000 ADC and onto the new 2008 ADC.

Anyway, changing the script got it for me... but I was in a position where I could gamble the server build. You will want to think twice before trying it on a production machine.

Reply (unsigned, in reply to Clifford Gindulis):

Sigh, I don't know what happened. This line is also supposed to be REMd:

    //pdcRootDse.Get("domainControllerFunctionality");

Reply (unsigned, in reply to Steven Cools):

I was able to work around this by REM'ng out all of the lines related to the domain functionality level. It's not an optimal solution, so consider carefully before doing it. I went for it because I could afford to lose the server build; if your machine is already in production you will want to be careful.