This is going to sound crazy, but only because I did this to myself once. Check and be sure there are no firewalls or network issues. I had one network once where I accidentally had the Windows Firewall turned on on one of the DCs (there were 4), so because this DC wasn't replicating properly I couldn't do any AD upgrades. The rest of the network was working fine, though, so there were no symptoms until I tried to update the schema in my case.

Simple test: make sure each DC can ping every other DC and that all DNS is resolving properly. Also ensure the AD is in the highest that Windows 2000 can go; I'm not sure how backwards compatible 2008 is as a DC.


You need to update the AD schema to the 2008 format. Between each version of AD (2000, 2003, 2003R2 and 2008) there have been schema changes. There's a tool called adprep on the 2008 DVD. I think first you will run adprep /domainprep and then adprep /forestprep. There is potentially a third one that's new to 2008. Running adprep /? should help you.


Your account's SID is NOT wrong. The only account which ends in that 500 is the built-in Administrator account which is created when the domain is built. Likewise that applies to the built-in administrator account in the local SAM of a workstation/server/* NT box.

As for your dcpromo problem, post the dcpromo.log from %SystemRoot%\Debug.

Thanks, Brian Desmond Active Directory MVP
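To illustrate the point about SIDs ending in 500, here is an added example (not part of the original answer) that decodes a binary SID, as stored in an objectSid attribute, and splits the issuing domain or machine identifier from the RID. It goes slightly beyond the answer by also naming RIDs 501 and 502; the sample SID values and function names are constructed for illustration.

```python
import struct

# Well-known relative identifiers (RIDs) assigned when a domain or local SAM is created.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "Guest", 502: "krbtgt"}

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")         # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])       # 32-bit each, little-endian
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def split_sid(sid: str):
    """Return (issuer_sid, rid) for an account SID of the form S-1-5-21-x-y-z-RID."""
    parts = sid.upper().split("-")
    if parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed SID string")
    if len(parts) != 8 or parts[1:4] != ["1", "5", "21"]:
        raise ValueError("not a domain or local SAM account SID")
    return "-".join(parts[:-1]), int(parts[-1])

def describe(sid: str):
    """Return (account description, issuing domain or machine SID)."""
    issuer, rid = split_sid(sid)
    return WELL_KNOWN_RIDS.get(rid, "ordinary account or group"), issuer

# Constructed sample: binary SID of a domain's built-in Administrator account.
SAMPLE_RAW = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 500)
# Constructed sample: a local SAM Administrator on a different machine, also RID 500.
SAMPLE_LOCAL = "S-1-5-21-4444444-5555555-6666666-500"

if __name__ == "__main__":
    for sid in (sid_from_bytes(SAMPLE_RAW), SAMPLE_LOCAL):
        what, issuer = describe(sid)
        print(f"{sid}: {what}, issued by {issuer}")
```

Both samples report the built-in Administrator; only the issuing identifier in front of the RID differs between the domain and the local SAM.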


Make sure that the domain is upgraded from mixed mode. The initial 2000 install (like the others) has a limited functionality version. You can bounce it up to full 2000-only domain. Once that is done, try the upgrade again.

If you get no joy with that, get a copy of 2003 (your 2008 licence also downgrading) and do the upgrade to a 2003 domain. Once again, upgrade the domain functionality level afterwards. Then try to step up to the 2008 domain.

Also, leave some time after each step if/when it completes so things can replicate in the background.