Directory object not found during dcpromo

Guest

Upgraded NT PDC to Windows AD in a forest with other child domains. Then
set up a Windows 2000 member server, ran dcpromo to promote it as a 2nd domain
controller but it failed with "Directory object not found" error. Checked KB and
event log and confirmed that the error is due to a missing built-in Administrator
account - account seems to have been deleted by AD due to duplicates. How to recover
from this?

Objective is to set up 2nd and 3rd DC, then decommission the PDC upgraded DC.
Forest already has 3 child domains promoted successfully from NT PDC.

Thanks for your help.
 
Herb Martin

DavidT said:
Upgraded NT PDC to Windows AD in a forest with other child domains. Then
set up a Windows 2000 member server, ran dcpromo to promote it as a 2nd domain
controller but it failed with "Directory object not found" error. Checked KB and
event log and confirmed that the error is due to a missing built-in Administrator
account - account seems to have been deleted by AD due to duplicates. How to recover
from this?

Is the Win2000 server running SP4? (Technically SP3 plus some hot fixes
is sufficient but there is practically zero reason to avoid SP4+).

What did the Event Log (System locally, or System and AD on the DC) say?

Objective is to set up 2nd and 3rd DC, then decommission the PDC upgraded DC.
Forest already has 3 child domains promoted successfully from NT PDC.

Next step would be to review DNS and check on the Domain Naming
Master (allows domains into forest.)

DCDiag is your friend -- run on all DCs (regularly).
 
Jorge_de_Almeida_Pinto

Upgraded NT PDC to Windows AD in a forest with other child domains. Then
set up a Windows 2000 member server, ran dcpromo to promote it as a 2nd domain
controller but it failed with "Directory object not found" error. Checked KB and
event log and confirmed that the error is due to a missing built-in Administrator
account - account seems to have been deleted by AD due to duplicates. How to recover
from this?

Objective is to set up 2nd and 3rd DC, then decommission the PDC upgraded DC.
Forest already has 3 child domains promoted successfully from NT PDC.

Thanks for your help.

I wonder how you get a duplicate administrator account

first check out if the administrator really is gone

use both the utils USER2SID and SID2USER (google)

Take an existing user and run:
USER2SID \\<PDC> <existing user>

the output will be something like:
S-1-5-21-2023212167-3561086443-2747427212-11987
----------------------------------------- -----
domain sid                                rid

the administrator account has a RID of 500

so execute now
SID2USER \\<PDC> 5 21 2023212167 3561086443 2747427212 500

this should let you see which account is the builtin administrator
account

Try this first
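
Added example, not part of the post above and not code from the USER2SID/SID2USER tools: a Python sketch of the SID arithmetic the post describes, taking any account SID from the domain, swapping the RID for 500 and producing the argument list SID2USER expects. It goes one step beyond the post by also decoding the binary SID layout used by the objectSid attribute; the function names are hypothetical and the sample SID is the one quoted in the post.

```python
import struct

ADMIN_RID = 500  # RID of the built-in Administrator, as stated in the post


def split_account_sid(sid):
    """Split 'S-1-5-21-a-b-c-rid' into (domain SID, RID); reject anything else."""
    parts = sid.strip().upper().split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError("not a domain account SID: %r" % sid)
    subs = [int(p) for p in parts[4:]]  # int() raises ValueError on junk
    if any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority out of 32-bit range: %r" % sid)
    return "-".join(parts[:7]), subs[3]


def builtin_admin_sid(account_sid):
    """Swap the RID of any account in the domain for 500."""
    domain_sid, _ = split_account_sid(account_sid)
    return "%s-%d" % (domain_sid, ADMIN_RID)


def sid2user_args(sid):
    """SID2USER takes the SID without the 'S-1-' prefix, space separated."""
    return " ".join(sid.split("-")[2:])


def sid_from_bytes(raw):
    """Decode a binary SID (the layout used by the objectSid attribute)."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or padded SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


if __name__ == "__main__":
    sample = "S-1-5-21-2023212167-3561086443-2747427212-11987"  # from the post
    admin = builtin_admin_sid(sample)
    print(admin)
    print("SID2USER \\\\<PDC> " + sid2user_args(admin))
```
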
 
Guest

Thanks, will try this out. I did a similar post in "Windows Server Active
Directory" (by mistake as I thought the first post was unsuccessful) and have gotten
a good lead to go on. Question now is how to clean out the deleted
administrator id without screwing up AD. Thanks for your help.
 
