Solved

Promoting a Windows 2012 Server to DC

Posted on 2014-02-21
5
2,951 Views
Last Modified: 2014-05-07
HI

I ran the dc promotion on a windows 2012 server yesterday - and it is still saying installing NTDS on a remote server.  Should it take this long? Can I safely terminate the process and start again?

I have two other domain controllers in place - one 2012 and one 2003

Yamin
0
Comment
Question by:yaminz66
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 12

Expert Comment

by:SreRaj
ID: 39876494
Hi,

The only steps which takes time during a DC Promotion would be replication of existing NTDS database to the new DC. However, it may not take one day to complete. It depends on the size of the database file NTDS.dit which will be by default in the path C:\Windows\NTDS. You could check the size of this file on your existing DC and check your network bandwidth to calculate approximately how much time it would take for the DB replication.

Sometimes if there is AD replication failures between DCs then installation could be stuck in the step "Creating the NTDS settings object" step. To fix this, you have to verify that the existing DCs are working fine and they are replicating fine over the network.

Please refer Resolution section in the following article to fix replication issues on the existing DCs.

http://social.technet.microsoft.com/wiki/contents/articles/11809.troubleshooting-ad-replication-error-1908-could-not-find-the-domain-controller-for-this-domain.aspx

It is not advisable to stop a DC installation in between. Please check for any events logged in Application/System logs as well which could help us in identifying current status.
0
 

Author Comment

by:yaminz66
ID: 39876666
HI

Thanks for the response. The replication between the existing DC are fine, I have run the replication and checked the size of the databases on the existing  2012 DC is 124 MB and 66MB on the 2003 DC.

The new server appears partially in the replication manager, but not the NTDS settings and the size of NTDS.dlt is very small, around 12MB. Looks like replication has failed.

The event viewer gave the following error, said access denied - that is odd given that I am using the admin account.   Any ideas why?



Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2/20/2014 5:33:25 PM
Event ID:      1963
Task Category: DS RPC Client
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      PrimaryServer.domain.local
Description:
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
 
Process ID:
560
 
Reported error information:
Error value:
Access is denied. (5)
directory service:
Boxtop-Server.domain.local
 
Extensive error information:
Error value:
Access is denied. 5
directory service:
PrimaryServer
 
Additional Data
Internal ID:
5000dfc
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
    <EventID Qualifiers="49152">1963</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>22</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-20T17:33:25.647469200Z" />
    <EventRecordID>5</EventRecordID>
    <Correlation />
    <Execution ProcessID="560" ThreadID="4660" />
    <Channel>Directory Service</Channel>
    <Computer>PrimaryServer.domain.local</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>Access is denied.</Data>
    <Data>5</Data>
    <Data>Boxtop-Server.domain.local</Data>
    <Data>Access is denied.</Data>
    <Data>5</Data>
    <Data>PrimaryServer</Data>
    <Data>560</Data>
    <Data>5000dfc</Data>
  </EventData>
</Event>


regards
0
 

Author Comment

by:yaminz66
ID: 39876729
Hi

I think I tried to promote the DC logged in as a local admin instead of Domain admin. Hence the access denied error.

Whats the best way to stop this ""Creating the NTDS settings object" process and start again?

Regards

Yamin
0
 

Author Comment

by:yaminz66
ID: 39876763
Hi

I am gone follow the steps here -

http://support.microsoft.com/kb/2737935


Regards

Yamin
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 39877643
is there still an issue here or did that kb article resolve it?
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question