cannot complete dcpromo


phil sigley

Hi, I wonder if someone could possibly help me with setting up Active
Directory. I have some understanding of how it works. I have added DCs
to existing domains before but I have never created a new one.

On our network we have '' at the top level, then there is
'' and ''. I want to create a
third domain ''; however, when I run dcpromo and fill
in all the details, the replication fails and it doesn't install AD. I get
the following message:

The operation failed because:

The Directory Service failed to create the object
Please check the event
log for possible system errors.

"The role owner attribute could not be read. "

The directory service event log shows the following error:

Event Type: Error
Event Source: NTDS General
Event Category: (9)
Event ID: 1168
Date: 08/07/2004
Time: 14:25:17
User: Everyone
Computer: ODIN
Error -1073741823(c0000001) has occurred (Internal ID 3000b3a).
Please contact Microsoft Product Support Services for assistance.

Any help would be great.

Jim Singh


Well, I am assuming that you are creating a child domain by
clicking/selecting the right options in the DCPromo wizard, because it gives you
three options initially, i.e. create child domain, create delegated domain,
and create a different tree. So, make sure you have selected the one that
gives you the option to create a new child domain in an existing domain. There
are a couple of other things you should check:

A. Make sure the "preferred DNS" on the server's "IP" NIC properties is set
as the root DC IP. After the dcpromo is done and you have created a new
child domain, you can change this setting to point to itself.

B. Before you do the dcpromo on the new server, make sure the replication
between the root domain and all other child domains has been done successfully.
You can use the replmon.exe tool to do a manual force replication of all the
directory partitions. It is very important that you have all the existing
DCs replicating and up to date before you create another child domain. You
can find replmon in the Win 2003 resource kit.

C. Check that you don't have any firewall set up between the main root
domain that is blocking any incoming traffic. You at least need ports 3389,
25, 53 open for communication.

- Jim
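
One way to check point B from the command line, as an added example that is not part of the original posts: it uses `repadmin /showrepl * /csv` instead of the replmon GUI and lists every replication link that is still failing. The sample data, server names and domain names are constructed, and the column names are assumed to match repadmin's CSV header.

```python
import csv
import io

# Constructed sample in the layout of `repadmin /showrepl * /csv`.
# Server, site and domain names are made up for illustration.
SAMPLE = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,ROOTDC1,"CN=Configuration,DC=example,DC=test",HQ,CHILDDC1,RPC,0,0,2004-07-08 13:58:02,0
showrepl_INFO,HQ,ROOTDC1,"CN=Schema,CN=Configuration,DC=example,DC=test",HQ,CHILDDC1,RPC,0,0,2004-07-08 13:58:02,0
showrepl_INFO,HQ,CHILDDC2,"CN=Configuration,DC=example,DC=test",HQ,ROOTDC1,RPC,14,2004-07-08 14:10:41,2004-07-06 09:12:30,1722
"""


def _to_int(value):
    """Parse a counter or status field; blank or non-numeric becomes 0."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def failing_links(csv_text):
    """Return one dict per inbound replication link that is not healthy."""
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = row["showrepl_COLUMNS"]  # first column holds the row type
        failures = _to_int(row.get("Number of Failures"))
        if kind == "showrepl_INFO" and failures == 0:
            continue  # link replicated successfully on its last attempt
        problems.append({
            "kind": kind,
            "destination": row.get("Destination DSA"),
            "source": row.get("Source DSA"),
            "partition": row.get("Naming Context"),
            "failures": failures,
            "status": _to_int(row.get("Last Failure Status")),
            "last_success": row.get("Last Success Time"),
        })
    return problems


if __name__ == "__main__":
    for p in failing_links(SAMPLE):
        print("{destination} <- {source} {partition}: {failures} failures, "
              "status {status}, last success {last_success}".format(**p))
```

An empty result means every listed link replicated on its last attempt; any row returned should be resolved before running dcpromo for the new domain.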
