Directory object not found during dcpromo
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Upgraded NT PDC to Windows AD in a forest with other child domains. Than
setup a Windows 2000 member server, run dcpromo to promote it as a 2nd domain
controller but failed with "Directory object not found" error. Check KB and
events log and confirmed that error is due to missing built-in Administrator
account - account seem to be delete by AD due to duplicates. How to recover
from this?
Objective is to setup 2nd and 3rd DC, than decommission the PDC upgraded DC.
Forest already has 3 child domains promoted successfully from NT PDC.
Thanks for your help.
Upgraded NT PDC to Windows AD in a forest with other child domains. Than
setup a Windows 2000 member server, run dcpromo to promote it as a 2nd domain
controller but failed with "Directory object not found" error. Check KB and
events log and confirmed that error is due to missing built-in Administrator
account - account seem to be delete by AD due to duplicates. How to recover
from this?
Objective is to setup 2nd and 3rd DC, than decommission the PDC upgraded DC.
Forest already has 3 child domains promoted successfully from NT PDC.
Thanks for your help.
More about : directory object found dcpromo
Archived from groups: microsoft.public.win2000.active_directory (More info?)
"DavidT" <DavidT@discussions.microsoft.com> wrote in message
news:82D8D616-EF97-48AB-B975-708150F7AA9F@microsoft.com...
> Upgraded NT PDC to Windows AD in a forest with other child domains. Than
> setup a Windows 2000 member server, run dcpromo to promote it as a 2nd
domain
> controller but failed with "Directory object not found" error. Check KB
and
> events log and confirmed that error is due to missing built-in
Administrator
> account - account seem to be delete by AD due to duplicates. How to
recover
> from this?
Is the Win2000 server running SP4? (Technically SP3 plus some hot fixes
is sufficient but there is practically zero reason to avoid SP4+).
What did the Event Log (System locally, or System andAD on the DC) say?
> Objective is to setup 2nd and 3rd DC, than decommission the PDC upgraded
DC.
> Forest already has 3 child domains promoted successfully from NT PDC.
Next step would be to review DNS and check on the Domain Naming
Master (allows domains into forest.)
DCDiag is your friend -- run on all DCs (regularly).
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
>
> Thanks for your help.
"DavidT" <DavidT@discussions.microsoft.com> wrote in message
news:82D8D616-EF97-48AB-B975-708150F7AA9F@microsoft.com...
> Upgraded NT PDC to Windows AD in a forest with other child domains. Than
> setup a Windows 2000 member server, run dcpromo to promote it as a 2nd
domain
> controller but failed with "Directory object not found" error. Check KB
and
> events log and confirmed that error is due to missing built-in
Administrator
> account - account seem to be delete by AD due to duplicates. How to
recover
> from this?
Is the Win2000 server running SP4? (Technically SP3 plus some hot fixes
is sufficient but there is practically zero reason to avoid SP4+).
What did the Event Log (System locally, or System andAD on the DC) say?
> Objective is to setup 2nd and 3rd DC, than decommission the PDC upgraded
DC.
> Forest already has 3 child domains promoted successfully from NT PDC.
Next step would be to review DNS and check on the Domain Naming
Master (allows domains into forest.)
DCDiag is your friend -- run on all DCs (regularly).
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
>
> Thanks for your help.
Archived from groups: microsoft.public.win2000.active_directory (More info?)
"" wrote:
> Upgraded NT PDC to Windows AD in a forest with other child
> domains. Than
> setup a Windows 2000 member server, run dcpromo to promote it
> as a 2nd domain
> controller but failed with "Directory object not found" error.
> Check KB and
> events log and confirmed that error is due to missing built-in
> Administrator
> account - account seem to be delete by AD due to duplicates.
> How to recover
> from this?
>
> Objective is to setup 2nd and 3rd DC, than decommission the
> PDC upgraded DC.
> Forest already has 3 child domains promoted successfully from
> NT PDC.
>
> Thanks for your help.
I wonder how to do you get a duplicate administrator account
first check out if the administrator really is gone
use both the utils USER2SID and SID2USER (google)
Take an existing user and run:
USER2SID \<PDC> <existing user>
the output will be something like:
S-1-5-21-2023212167-3561086443-2747427212-11987
------------------------------------------------------- -------
domain sid rid
the administrator account has a RID of 500
so execute now
SID2USER \<PDC> 5 21 2023212167 3561086443 2747427212 500
this should let you see with account is the builtin administrator
account
Try this first
--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-object-fo...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330504
"" wrote:
> Upgraded NT PDC to Windows AD in a forest with other child
> domains. Than
> setup a Windows 2000 member server, run dcpromo to promote it
> as a 2nd domain
> controller but failed with "Directory object not found" error.
> Check KB and
> events log and confirmed that error is due to missing built-in
> Administrator
> account - account seem to be delete by AD due to duplicates.
> How to recover
> from this?
>
> Objective is to setup 2nd and 3rd DC, than decommission the
> PDC upgraded DC.
> Forest already has 3 child domains promoted successfully from
> NT PDC.
>
> Thanks for your help.
I wonder how to do you get a duplicate administrator account
first check out if the administrator really is gone
use both the utils USER2SID and SID2USER (google)
Take an existing user and run:
USER2SID \<PDC> <existing user>
the output will be something like:
S-1-5-21-2023212167-3561086443-2747427212-11987
------------------------------------------------------- -------
domain sid rid
the administrator account has a RID of 500
so execute now
SID2USER \<PDC> 5 21 2023212167 3561086443 2747427212 500
this should let you see with account is the builtin administrator
account
Try this first
--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-object-fo...
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330504
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Thanks, will try this out. I did similar post in "Windows Server Active
Directory" (by mistake as I thought first post was unsuccessful) and gotten
good lead to go on. Question now is how to clean out the deleted
administrator id without screwing up AD. Thanks for your help.
"Jorge_de_Almeida_Pinto" wrote:
> "" wrote:
> > Upgraded NT PDC to Windows AD in a forest with other child
> > domains. Than
> > setup a Windows 2000 member server, run dcpromo to promote it
> > as a 2nd domain
> > controller but failed with "Directory object not found" error.
> > Check KB and
> > events log and confirmed that error is due to missing built-in
> > Administrator
> > account - account seem to be delete by AD due to duplicates.
> > How to recover
> > from this?
> >
> > Objective is to setup 2nd and 3rd DC, than decommission the
> > PDC upgraded DC.
> > Forest already has 3 child domains promoted successfully from
> > NT PDC.
> >
> > Thanks for your help.
>
> I wonder how to do you get a duplicate administrator account
>
> first check out if the administrator really is gone
>
> use both the utils USER2SID and SID2USER (google)
>
> Take an existing user and run:
> USER2SID \<PDC> <existing user>
>
> the output will be something like:
> S-1-5-21-2023212167-3561086443-2747427212-11987
> ------------------------------------------------------- -------
> domain sid rid
>
> the administrator account has a RID of 500
>
> so execute now
> SID2USER \<PDC> 5 21 2023212167 3561086443 2747427212 500
>
> this should let you see with account is the builtin administrator
> account
>
> Try this first
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.windowsforumz.com/Active-Directory-object-fo...
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330504
>
Thanks, will try this out. I did similar post in "Windows Server Active
Directory" (by mistake as I thought first post was unsuccessful) and gotten
good lead to go on. Question now is how to clean out the deleted
administrator id without screwing up AD. Thanks for your help.
"Jorge_de_Almeida_Pinto" wrote:
> "" wrote:
> > Upgraded NT PDC to Windows AD in a forest with other child
> > domains. Than
> > setup a Windows 2000 member server, run dcpromo to promote it
> > as a 2nd domain
> > controller but failed with "Directory object not found" error.
> > Check KB and
> > events log and confirmed that error is due to missing built-in
> > Administrator
> > account - account seem to be delete by AD due to duplicates.
> > How to recover
> > from this?
> >
> > Objective is to setup 2nd and 3rd DC, than decommission the
> > PDC upgraded DC.
> > Forest already has 3 child domains promoted successfully from
> > NT PDC.
> >
> > Thanks for your help.
>
> I wonder how to do you get a duplicate administrator account
>
> first check out if the administrator really is gone
>
> use both the utils USER2SID and SID2USER (google)
>
> Take an existing user and run:
> USER2SID \<PDC> <existing user>
>
> the output will be something like:
> S-1-5-21-2023212167-3561086443-2747427212-11987
> ------------------------------------------------------- -------
> domain sid rid
>
> the administrator account has a RID of 500
>
> so execute now
> SID2USER \<PDC> 5 21 2023212167 3561086443 2747427212 500
>
> this should let you see with account is the builtin administrator
> account
>
> Try this first
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.windowsforumz.com/Active-Directory-object-fo...
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330504
>
Related ressources:
- Forumgroup policy object
- Forumdcpromo failure, don’t know how to get replication working
- ForumDCPROMO over Remote Desktop not working
- ForumErrors logged after running DCPROMO
- ForumDCPROMO failure
- ForumDCpromo not promoting
- ForumDcpromo
- ForumDCPROMO
- ForumDCPromo cleanup?
- ForumDCPROMO
- ForumDCPROMO in remote office
- ForumScrewed up my Win2000 AD DNS
- Forumdcpromo & active directory setting
- ForumHelp: Trouble setting up first two DC's.
- ForumParallel and com ports not appearing in device manager
- ForumRecover Active Directory
- ForumErrors logged after running DCPROMO
- ForumChange Computer Name and Domain Name of Active Directory S..
- ForumActive Directory Users & Computers crashes
- Forumlost printers in directory
- More resources
!
