"Insufficient Access Rights" Error Message When You Try to Seize the Schema Master Operations Master Role (267267)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
This article was previously published under Q267267

SYMPTOMS

When you use the Ntdsutil tool (Ntdsutil.exe) to try to seize or transfer the Schema Master operations master role, you may receive the following error message:
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-0315137D, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The Win32 error message that you receive is the 0x2098 error message (insufficient access rights to perform the operation).

Depending on the error message code, this error message may indicate a connection, Lightweight Directory Access Protocol (LDAP), or role transfer error message:
Transfer of schema FSMO failed, proceeding with seizure ...
ldap_modify of SD failed with 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-031513B8, problem
4003 (INSUFF_ACCESS_RIGHTS), data 0
Win32 error returned is 0x2098(Insufficient access rights to perform the operation.)

CAUSE

This behavior can occur if you are logged on with an administrative account that is not in the Schema Administrator group of the Windows 2000 Forest or RootDNSDomain.

RESOLUTION

To resolve this behavior, seize the Schema Master operations master role. To do this, verify that you are logged on with an account that is in the Enterprise Administrator group.
Modification Type:MinorLast Reviewed:10/13/2004
Keywords:kbenv kberrmsg kbFSMO kbprb KB267267
©2004 Microsoft Corporation. All rights reserved.