Share via

Windows Server 2019 AD - Problem to add additional Active Directory

Sokoban 1,041 Reputation points
2020-12-20T12:11:25.79+00:00

Hi

I have a problem adding my Windows Server 2019 to the additional AD server, I try to promote my server, got that error message...

The operation failed because:

Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=XXX ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XXX,DC=LOCAL on the remote AD DC XXX.XXX.LOCAL. Ensure the provided network credentials have sufficient permissions.
"The Directory Service cannot perform the requested operation because a domain rename operation is in progress."

I have got that solution, without success :-(

Resolution
To resolve this issue, follow these steps:

  • Verify that all the steps and conditions in the "Resolution" section of Knowledge Base article 2002413 are true for your environment.
  • If domain controller promotion still fails even after you make sure that the user also has the SeEnableDelegationPrivilege permission, check ADSIEdit.msc to verify the user's effective permissions for the domain partition:
  • Click Start, click Run, and then type adsiedit.msc.
  • Expand Default naming context, right-click DC=domain,DC=com, and then click Properties.
  • On the Security tab, click the Advanced button.
  • On the Effective Access tab, enter the user or group name of the user who is performing the operation that's failing in DCPromo.
  • Confirm whether the Add/remove replica in domain control access permission has been granted.
  • If the Add/Remove Replica In Domain permission is missing for the user or group, add it by using ADSIEdit.msc:
  • Click Start, click Run, and then type adsiedit.msc.
  • Expand Default naming context, right-click DC=domain,DC=com, and then click Properties.
  • On the Security tab, click the Advanced button.
  • On the Permissions tab, add the Add/remove replica in domain control access permission for the desired user or group as follows:
    • Type: Allow
    • Applies to: This object only

Anyone with more ideas ??

Please help

--- Sokoban ----

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,810 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,681 questions
0 comments
Accepted answer
  1. Thameur-BOURBITA 33,491 Reputation points
    2020-12-20T13:23:19.577+00:00

    Hi,

    I mean use the run adprep /forestprep and adprep /domainprep from CD installation of windows 2019.

    "The Directory Service cannot perform the requested operation because a domain rename operation is in progress."

    regarding the error above you can launch the following command rendom /end to stop the rename process

    please don't forget to mark this reply as answer if it help you to fix your issue

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thameur-BOURBITA 33,491 Reputation points
    2020-12-20T12:28:25.117+00:00

    Hi,

    When you promote the first domain controller on Windows 2019 , you have to use a account member of enterprise admins group and schema admins group to be able to upgrade the schema version in your forest to support a domain controller on windows 2019.

    You can upgrade the schema version manually , but since windows 2012 it can be automatically when your promote the first domain controller using account members of Domain admins, enterprise admins and schema admins groups.

    Please don't forget to mark this reply as answer if it help you to fix your issue

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.