Cannot create child domain

android_sav
Hello!
Please help me create the first DC in a new child domain of Active Directory.

I configured a child DNS zone on a member server and delegated this zone on the parent DNS server to that server. Then I ran DCPROMO on the server.
But when it starts to install AD, after disjoining from the parent domain, it crashes with an error:
The operation failed because:

A domain controller could not be contacted for the domain <domain> that contained an account for this computer.
Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.


"The specified domain either does not exist or could not be contacted."
This server has been disjoined from domain <domain>

After rejoining, this error still happens.
There's a part of a C:\Windows\Debug\DCPROMO.log file:
10/22 11:42:00 [INFO] Start the worker task
10/22 11:42:00 [INFO] No source DC or no site name specified. Searching for dc in domain <domain>: ( DS_REQUIRED | WRITABLE )
10/22 11:42:00 [INFO] Request for promotion returning 0
10/22 11:42:00 [INFO] Searching for a domain controller for the domain <domain>

10/22 11:42:02 [INFO] Couldn't find domain controller in domain  (error: 1355)
10/22 11:42:02 [INFO] Error - A domain controller could not be contacted for the domain <domain> that contained an account for this computer.
Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.
 (1355)
10/22 11:42:02 [ERROR] Failed to find a dc for <domain>: 1355
10/22 11:42:02 [INFO] The attempted domain controller operation has completed

10/22 11:42:02 [INFO] DsRolepSetOperationDone returned 0


Thanks for any help.

Commented:
     
If the server on which you want to install Active Directory is a domain member, you cannot do the operation.

You must first remove the new server from the domain (properties of the workstation / computer name / change => member of Workgroup).
Then you specify a workgroup and restart.
Then you can finally run the DCPROMO command.
(Attention has informed the primary domain controller as the other server)

Author

Commented:
Active Directory installation also crashes if the server is a workgroup member, but earlier.
When configuring parameters of a parent and child domain names by DNS names the domain controller also couldn't be found.
But when this server is a domain member, configuring was successful and promotion crashed later.
Brian Pierce

Commented:
The correct way to do this:
1. Don't do anything with DNS at this stage!
2. Join the machine that will be the new DC to the existing domain as a member server - give it a static IP and point it at the existing DC for its DNS
3. Run DCPromo and select New DC for New Domain, in Existing Forest
4. Install DNS on the new DC
5. Delegate DNS if you want (you don't have to)

Author

Commented:
Thanks for your solution, but it wasn't helpful:
Still, after joining the domain (now without local DNS), it lets me fill in all installation parameters, and when promotion begins:
1) disjoining domain - success
2) finding domain controller - fail

Commented:
If you cannot join the domain, it may be because DNS does not resolve.
Check that the address of the domain controller is indicated in your IP configuration.

Can you perform the following command:
nslookup yourdomain

If the command fails, the problem is on the side of the DNS

Author

Commented:
The DNS service is working correctly.
nslookup <mydomain>
shows me the full list of domain controllers and resolves their names.

Author

Commented:
And two more points:
1) My root domain is at the Windows 2003 interim domain level (because there's a last NT4 BDC); can I add a child domain to that domain?
2) My root DNS has a single-label DNS name; maybe this causes the problem?
Thanks to all!
The problem was solved:
The cause was the single-label DNS name. After setting 2 keys in the registry, the child domain was created.
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\AllowSingleLabelDnsDomain set to 1
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\updateTopLevelDomainZones (for W2K3) set to 1
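
An added example, not part of the original thread: a PowerShell check that reports whether a DNS domain name is single-label and what the two registry values named in the solution above currently hold on the local machine. The function name Test-SingleLabelDomainConfig, its parameter, and the sample domain name 'corp' are assumptions made for illustration.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Test-SingleLabelDomainConfig {
    param(
        # DNS name of the root domain to evaluate
        [Parameter(Mandatory = $true)][string]$DomainDnsName
    )

    # A single-label DNS name has exactly one label once a trailing root dot is dropped
    $labels = @($DomainDnsName.TrimEnd('.').Split('.') | Where-Object { $_ })
    $isSingleLabel = ($labels.Count -eq 1)

    # Registry values named in the thread's solution
    $checks = @(
        @{ Path = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
           Name = 'AllowSingleLabelDnsDomain' },
        @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
           Name = 'updateTopLevelDomainZones' }
    )

    foreach ($c in $checks) {
        $value = $null
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $value = $item.($c.Name) }

        New-Object PSObject -Property @{
            Domain        = $DomainDnsName
            IsSingleLabel = $isSingleLabel
            RegistryValue = "$($c.Path)\$($c.Name)"
            Data          = $value   # $null means the key or value is absent
            # Flag only when the domain is single-label and the value is not 1
            NeedsChange   = ($isSingleLabel -and ($value -ne 1))
        }
    }
}

# Constructed sample input: 'corp' stands in for a single-label root domain name
Test-SingleLabelDomainConfig -DomainDnsName 'corp' |
    Format-Table Domain, IsSingleLabel, RegistryValue, Data, NeedsChange -AutoSize
```

Run it on the server being promoted before starting DCPROMO; a row with NeedsChange set to True matches the condition the thread identified as the cause of error 1355.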
