Author Topic: Stupid Question Thread  (Read 2074 times)

Eschaton

Stupid Question Thread
« on: June 10, 2016, 05:43:46 pm »
I apologize profusely if this has been posted elsewhere; I'm not sure I did an exhaustive keyword search of the forums before posting - but then that would be because I don't have a good grasp on terminology for this segment of IT. In fact, I'm not really an IT guy - just a lone technical writer with enough knowledge of networking and personal computing to get himself deep in trouble with Zentyal. Normally I'd give up, but my company really needs to upgrade its local exchange caching server and I'm the only one with anywhere near the requisite knowledge at my company  :(

Here's the problem - I can't for the LIFE of me figure out how to get Zentyal set up as an additional ADC/BDC. Every time I enter my information (FQDN, domain, etc), it eventually tells me that the AD I want to be an additional controller on is not compatible with Zentyal 4.2 because it has a forest level that needs to be at least Windows 2003.

OK, fine, I said to myself, and called up an external IT guy, who was able to confirm for me that yes, he could upgrade my forest to Windows 2003. He did so without issue, but I am still getting the error message. At this point I suspect it is because I am entering some information wrong about my network setup. Suspicion presently rests on the request for an administrator username and password - is this supposed to be the username and password I use to administrate the Zentyal box, or should it be identical with the username and password used on the PDC?

trysomething

Re: Stupid Question Thread
« Reply #1 on: June 15, 2016, 12:16:08 am »
You are so far from asking a stupid question here - VERY good question and VERY well written.
Here's where AD and LDAP get kind of fuzzy and weird though.
If you look at your AD structure, it is kind of like a tree, but instead of the roots at the bottom being in charge of it, the very top is where the big head honcho lives. So then you have LDAP over on your Zentyal box, which is run by someone that can't log in to the web GUI, oddly enough. The user that can sign into the web GUI is in a local admin account on your Zentyal box, not a domain member.
Then to further confuse the situation everyone you create is a domain user that can't populate or change the LDAP.
Well, by now I should point out that the question may not have been stupid; the answer is.
You go into your AD and create a user "LDAPadmin" or something like that you can easily remember and give it a very good, strong password.  Move that guy into the AD Admins account and move it as high up in your domain tree as possible giving it authority to all of the containers you need access to and then some.
Now go log in and make the same user in Zentyal's web GUI BUT assign it to the Domain Administrators group.
Yep, that's the problem, the same user didn't have the same rights on both sides of the fence so nothing's going to work until that happens.
Before you go too deep into this, though, are you planning on migrating from something like Exchange or Small Business Server to Zentyal? This won't move the AD info from old server to new server; it will only allow you to manage the LDAP of your Zentyal server from your AD server. If that's the plan, then you're not going to be happy with the end result because you're not going to be able to retire the old server. There is a method to migrate existing AD users over to Zentyal, though; I don't remember exactly, but there's something about it in the Wiki, I think. If you need more help with this, just let me know via the forums - I'm not here all of the time but I do check in pretty regularly.
You will have to excuse my posts not having actual links in them. I'm blind and can never find that insert hyperlink button LoL. If you, or someone you know, has vision problems, check out The Tiki Lab.