Solved

Promoting a Windows 2012 Server to DC

Posted on 2014-02-21
5
2,753 Views
Last Modified: 2014-05-07
HI

I ran the dc promotion on a windows 2012 server yesterday - and it is still saying installing NTDS on a remote server.  Should it take this long? Can I safely terminate the process and start again?

I have two other domain controllers in place - one 2012 and one 2003

Yamin
0
Comment
Question by:yaminz66
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 12

Expert Comment

by:SreRaj
ID: 39876494
Hi,

The only steps which takes time during a DC Promotion would be replication of existing NTDS database to the new DC. However, it may not take one day to complete. It depends on the size of the database file NTDS.dit which will be by default in the path C:\Windows\NTDS. You could check the size of this file on your existing DC and check your network bandwidth to calculate approximately how much time it would take for the DB replication.

Sometimes if there is AD replication failures between DCs then installation could be stuck in the step "Creating the NTDS settings object" step. To fix this, you have to verify that the existing DCs are working fine and they are replicating fine over the network.

Please refer Resolution section in the following article to fix replication issues on the existing DCs.

http://social.technet.microsoft.com/wiki/contents/articles/11809.troubleshooting-ad-replication-error-1908-could-not-find-the-domain-controller-for-this-domain.aspx

It is not advisable to stop a DC installation in between. Please check for any events logged in Application/System logs as well which could help us in identifying current status.
0
 

Author Comment

by:yaminz66
ID: 39876666
HI

Thanks for the response. The replication between the existing DC are fine, I have run the replication and checked the size of the databases on the existing  2012 DC is 124 MB and 66MB on the 2003 DC.

The new server appears partially in the replication manager, but not the NTDS settings and the size of NTDS.dlt is very small, around 12MB. Looks like replication has failed.

The event viewer gave the following error, said access denied - that is odd given that I am using the admin account.   Any ideas why?



Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          2/20/2014 5:33:25 PM
Event ID:      1963
Task Category: DS RPC Client
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      PrimaryServer.domain.local
Description:
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
 
Process ID:
560
 
Reported error information:
Error value:
Access is denied. (5)
directory service:
Boxtop-Server.domain.local
 
Extensive error information:
Error value:
Access is denied. 5
directory service:
PrimaryServer
 
Additional Data
Internal ID:
5000dfc
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
    <EventID Qualifiers="49152">1963</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>22</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-20T17:33:25.647469200Z" />
    <EventRecordID>5</EventRecordID>
    <Correlation />
    <Execution ProcessID="560" ThreadID="4660" />
    <Channel>Directory Service</Channel>
    <Computer>PrimaryServer.domain.local</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>Access is denied.</Data>
    <Data>5</Data>
    <Data>Boxtop-Server.domain.local</Data>
    <Data>Access is denied.</Data>
    <Data>5</Data>
    <Data>PrimaryServer</Data>
    <Data>560</Data>
    <Data>5000dfc</Data>
  </EventData>
</Event>


regards
0
 

Author Comment

by:yaminz66
ID: 39876729
Hi

I think I tried to promote the DC logged in as a local admin instead of Domain admin. Hence the access denied error.

Whats the best way to stop this ""Creating the NTDS settings object" process and start again?

Regards

Yamin
0
 

Author Comment

by:yaminz66
ID: 39876763
Hi

I am gone follow the steps here -

http://support.microsoft.com/kb/2737935


Regards

Yamin
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 39877643
is there still an issue here or did that kb article resolve it?
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question