Deploying an additional domain controller

[Guest]

I am attempting to deploy an additional domain controller to my Windows 2000 AD domain.

We currently have a single domain controller, running Windows 2000 Advanced Server SP4. It's running the standard schema + an extension for our CRM Server that we deployed.

I am attempting to deploy an additional domain controller running Windows 2003 Enterprise. I have already extending the schema for both the forest and the domain using adprep. And am trying to us Configure Your Server wizard to deploy the DC.

It all works well until the very end, at the very end it comes up with a password prompt "The wizard is unable to change the computer account for [Server name] to a domain controller."

I have tried both my personal domain admin account, and my main admin account, none of the passwords work.

There server is located within an OU, about three deep, even after I grant myself delegation rights, it still doesn't want to run. I have reached my wits end, and am considering pestering MS support.

 

[Mark Renoden [MSFT]]

Hi Shawn

It might have something to do with the location of the computer account in
the OU heirarchy. Are you able to:

1. Move this 2003 server to a workgroup temporarily.

2. Delete the computer account from Active Directory using AD Users and
Computers.

3. Point the "Preferred DNS settings at the Windows 2000 DC (I assume this
is where the DNS zone for the domain lives).

4. Use Start -> Run -> dcpromo -> OK.

5. Step through the wizard and provide credentials as appropriate.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Hi Mark,

Same error.

Shawn

 

[Mark Renoden [MSFT]]

Hi Shawn

Try harvesting the dcpromo.log and dcpromoui.log files from
%systemroot%\debug on the Windows Server 2003 machine and examining them for
an error. Cross reference anything you find with the online Microsoft
knowledge base or Technet.

Feel free to email the logs to me directly and I'll take a brief look.
Failing this, I'd suggest logging a support incident.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Mark,

Same error.

Shawn

Hi Shawn

It might have something to do with the location of the computer account
in
the OU heirarchy. Are you able to:

1. Move this 2003 server to a workgroup temporarily.

2. Delete the computer account from Active Directory using AD Users and
Computers.

3. Point the "Preferred DNS settings at the Windows 2000 DC (I assume
this
is where the DNS zone for the domain lives).

4. Use Start -> Run -> dcpromo -> OK.

5. Step through the wizard and provide credentials as appropriate.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Mark Renoden [MSFT]]

Hi Shawn

I got your log files and took a look. May I suggest:

232070 When you run Dcpromo.exe to create a replica domain controller, you
http://support.microsoft.com/?id=232070

If this doesn't resolve the issue, I'd suggest logging a support incidenct.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Shawn

Try harvesting the dcpromo.log and dcpromoui.log files from
%systemroot%\debug on the Windows Server 2003 machine and examining them
for an error. Cross reference anything you find with the online Microsoft
knowledge base or Technet.

Feel free to email the logs to me directly and I'll take a brief look.
Failing this, I'd suggest logging a support incident.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Hi Mark,

Same error.

Shawn

Hi Shawn

It might have something to do with the location of the computer account
in
the OU heirarchy. Are you able to:

1. Move this 2003 server to a workgroup temporarily.

2. Delete the computer account from Active Directory using AD Users and
Computers.

3. Point the "Preferred DNS settings at the Windows 2000 DC (I assume
this
is where the DNS zone for the domain lives).

4. Use Start -> Run -> dcpromo -> OK.

5. Step through the wizard and provide credentials as appropriate.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to
email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Guest]

Mark,

As I said in my reply e-mail, it worked like a charm.

Though for some reason I was unable to set my account (even from the main admin login) for delegation. So I added myself directly to the GPO as the article said.

Thanks,
Shawn

Hi Shawn

I got your log files and took a look. May I suggest:

232070 When you run Dcpromo.exe to create a replica domain controller, you
http://support.microsoft.com/?id=232070

If this doesn't resolve the issue, I'd suggest logging a support incidenct.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Shawn

Try harvesting the dcpromo.log and dcpromoui.log files from
%systemroot%\debug on the Windows Server 2003 machine and examining them
for an error. Cross reference anything you find with the online Microsoft
knowledge base or Technet.

Feel free to email the logs to me directly and I'll take a brief look.
Failing this, I'd suggest logging a support incident.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Hi Mark,

Same error.

Shawn

:

Hi Shawn

It might have something to do with the location of the computer account
in
the OU heirarchy. Are you able to:

1. Move this 2003 server to a workgroup temporarily.

2. Delete the computer account from Active Directory using AD Users and
Computers.

3. Point the "Preferred DNS settings at the Windows 2000 DC (I assume
this
is where the DNS zone for the domain lives).

4. Use Start -> Run -> dcpromo -> OK.

5. Step through the wizard and provide credentials as appropriate.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to
email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.