
First DC in new Tree

KratosDefense
Guys, I'm going to add the first DC to a new domain tree in my forest (Win 2008 R2). It will create a trust with the parent domain. Does this new DC need to be a part of the parent domain before I dcpromo it?

I tried to dcpromo it as a standalone in no domain and got this error:
The operation failed because:

Failed to create a trust with domain Kratos.lan on the parent domain controller sd-2k3dc01.wfinet.com


"The specified account already exists."

Thanks
Top Expert 2013

Commented:
Was this machine ever joined to the domain in the past?
Are you choosing to create a new tree?
Can you post the dcpromo logs located in %SystemRoot%\Debug?
I'm assuming you are pointing it to the current DNS server for DNS.  
Thanks
Mike
Top Expert 2012

Commented:
Are you naming the DC the same name as another DC?

Author

Commented:
The machine was on the domain in the past. I just renamed the box. It did have a funky name that might already have an account in AD. Looking.

Does this box need to be a part of my parent domain before I DCPROMO it? Will this box join itself to the new domain after the dcpromo finishes or?
Top Expert 2012

Commented:
No.

The box will join a new domain within the forest. I would run metadata cleanup to make sure that there are not any lingering objects.
Adam Brown, Senior Systems Admin
Top Expert 2010

Commented:
It shouldn't be a part of the domain before adding it to the forest. DCPROMO it, and add it as a new domain controller in an existing Forest.
Top Expert 2013

Commented:
Yeah why I asked about it being part of the domain before is what Darius finished off.  See if that box is in your current AD, metadata cleanup is a good suggestion too.

Thanks

Mike

Author

Commented:
I did all the steps required. Still getting:
The operation failed because:
Failed to create a trust with domain kratos.lan on the parent domain controller sd-2k3dc01.wfinet.com
"The specified account already exists."

What account is it referring to?

Author

Commented:
Where can I find the dcpromo logs?
Adam Brown, Senior Systems Admin
Top Expert 2010

Commented:
Here's a good resource for troubleshooting Active Directory adds and removes: http://technet.microsoft.com/en-us/library/cc961804.aspx
Run a search for dcpromo.log on your computer to find the logs.

Author

Commented:
not sure if this is a problem:
Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Date:          7/1/2010 10:43:20 AM
Event ID:      414
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      sd-ktosdc01
Description:
The DNS server computer currently does not have a DNS domain name.  Its DNS name is a single-label host name with no domain (for example:  "host" rather than "host.microsoft.com").
 
You might have forgotten to configure a primary DNS domain for the server computer.
 
Because the DNS server has only a single-label name, all zones created will have default records (SOA and NS) created using only this single-label name for the server's host name.  This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.
 
To correct this problem:
  1) Click Start, and then click Control Panel.
  2) Open System and Maintenance , and then open System.
  3) Click Change Settings, and then click Change.
  4) Click either Domain or Workgroup, and then type the name of the domain or  workgroup you want the computer to join; the domain or workgroup name will be used as your DNS domain name.
  5) When prompted, restart the computer.
 
After the computer restarts, the DNS server will attempt to fix up default records, substituting the new DNS name of this server for the old single-label name.  However, you should review the zone's SOA and NS records to ensure that they now use the correct domain name of this server.
Event Xml:

Author

Commented:
dcpromo log
dcpromoui.log

Author

Commented:
Anything in the dcpromo log that stands out?

Author

Commented:
?
Top Expert 2012

Commented:

Commented:
The issue is DNS.  You have not defined an authoritative zone at the root of your forest for kratos.lan.  Set this up first before you try the DCPROMO again (make sure to delegate this out to your new server SD-KTOSDC01).  This should then enable you to create the disjointed namespace for your new tree.
The kratos.lan DNS zone should have
an SOA record and an NS record,
and a host A record of the server that you are trying to promote.

And this server should have a full computer name with DNS suffix, like dco1.KARTOS.LAN

Once you have set that, restart netlogon on the current DC,

and start DCPROMO again.
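
The DNS prerequisites named in the two posts above (a primary DNS suffix on the server, SOA and NS records for kratos.lan, and an A record for the server being promoted), as a read-only check to run on that server before dcpromo. This is an added example, not part of the thread; it assumes PowerShell 2.0 and nslookup are available, and the FQDN `sd-ktosdc01.kratos.lan` is an assumed name built from the thread's host and zone names.

```powershell
# Added example (not from the thread): read-only DNS pre-flight before dcpromo.
# Zone and parent DC names are taken from the thread; $NewDcFqdn is an assumption.
$Zone      = 'kratos.lan'
$ParentDns = 'sd-2k3dc01.wfinet.com'
$NewDcFqdn = 'sd-ktosdc01.kratos.lan'

# 1. DNS event 414 condition: the server has a single-label name when it has
#    no primary DNS suffix configured.
$suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
if ([string]::IsNullOrEmpty($suffix)) {
    Write-Warning "No primary DNS suffix is set on this computer (see DNS event 414)."
} else {
    Write-Host "Primary DNS suffix: $suffix"
}

# 2. Ask the parent DNS server for each record and look for the line nslookup
#    prints only when the record was actually returned.
function Test-DnsRecord([string]$Type, [string]$Name, [string]$Server, [string]$Expect) {
    $out = (& nslookup "-type=$Type" $Name $Server 2>&1 | Out-String)
    return ($out -match $Expect)
}

$checks = @(
    @{ Type = 'SOA'; Name = $Zone;      Expect = 'primary name server' },
    @{ Type = 'NS';  Name = $Zone;      Expect = 'nameserver\s*=' },
    @{ Type = 'A';   Name = $NewDcFqdn; Expect = ('Name:\s+' + [regex]::Escape($NewDcFqdn)) }
)

$results = foreach ($c in $checks) {
    New-Object PSObject -Property @{
        Record = "$($c.Type) $($c.Name)"
        Found  = (Test-DnsRecord $c.Type $c.Name $ParentDns $c.Expect)
    }
}

# 3. Report; nothing here changes DNS or Active Directory.
$results | Format-Table Record, Found -AutoSize
if ($results | Where-Object { -not $_.Found }) {
    Write-Warning "One or more records are missing on $ParentDns; fix DNS before running dcpromo."
}
```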

Author

Commented:
I did exactly what the last 2 posts suggested. Still getting the same error! I even rebuilt a new machine and still the same. Any other ideas?

Author

Commented:
no luck.