RUNAS for ADUC MMC results in "Snap-in Creation Failed"

I can run the Active Directory for Users and Computers MMC on my computer without a problem.  I intent to remove my account from the Domain Admins group (which it is a member of now) and use the Run As command and specify a different account (good security practice).

When I use the Run As and specify our domain Administrator account, the snap-in fails to open and I get:

Snap-in Creation Failed.

The snap-in is not created, it may not be installed properly.

Name: Active Directory Users and Computers


Any ideas?  My web search yielded very little results and none that helped.

LVL 16
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you trying to open the snapins directly? e.g "services.msc" or "gpedit.msc"

Try doing a

runas /user:domain\domainadmin "mmc"

Then add your snap-ins from there.
robrandonAuthor Commented:
I ran the command as you stated.  DOS window opens up and prompts me for the credentials of the account.  Once I enter it an empty MMC opens.

I then go through the process of adding the ADUC snap-in.  I get a similar error when highlighting the ADUC snap-in and clicking Add:

Snap-in failed to initialize.
Name:Active Directory Users and Computers

Any other ideas?

Is the secondary logon service enabled?  I'm guessing it must be otherwise I don't think you'd get as far as you have.
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

robrandonAuthor Commented:
Yes, it is running.  I can open other MMC snap-ins, such as DNS or DHCP as the alternate user.  It's just getting hung up on a few of them, such as ADUC and ADSS.

Just out of curiosity, have you tried logging into the computer as the domain admin account?  Try running ADUC and ADSS when actually logged in.
robrandonAuthor Commented:
Whoa.  When I logon as the domain admin account on my local computer it does NOT run.  Thoughts on that?
It sounds like your computer account is not in sync with the domain controller.  You can try resetting the account in ad, but you may have to remove the computer account, disjoin from the domain, reboot and the rejoin.
robrandonAuthor Commented:
What do you mean my computer account is not in sync with the DC?  I can log on with both accounts on my local machine and access resources in the domain without a problem.  I don't think that is the issue.  Any other thoughts?

Go into ADUC and find your computer account.  Right click on it and go to Reset Password.

This will update the machine credentials on the domain.  You will now have to remove and rejoin the computer to the domain in order to update the computer's cached credentials.  Now have the users log on and try logging on while disconnected from the domain.

The part in your process you might have been missing is the "reset password" on the COMPUTER account.  In my experience that problem is never as obvious as it maybe should be.  It can look like a lot of other things at times.
Being able to access domain resources & login on the local machine does not indicate the the maching account is synced with the dc.  I still would suggest reset password, remove from domain and rejoin.  Please let me know if this works or not.
robrandonAuthor Commented:
Ok, so I attempted the above and it had 0 effect.  I am still getting the same error.  I am going to attempt to uninstall the tools and reinstall.  IF that doesn't work, any other ideas?

robrandonAuthor Commented:
Ok, the reinstall didn't work.  What is going on here.  I'm stumped.

Try logging onto your computer with the credentials of the account you want to run it on, and re-install the administrative tools.  Confirm it works under those credentials, then try to run it logged on as you with those same credentials.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
robrandonAuthor Commented:
Cool.  That did the trick.  Any idea what was going on?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.