Directory object not found during dcpromo

[davidt]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Upgraded NT PDC to Windows AD in a forest with other child domains. Than
setup a Windows 2000 member server, run dcpromo to promote it as a 2nd domain
controller but failed with "Directory object not found" error. Check KB and
events log and confirmed that error is due to missing built-in Administrator
account - account seem to be delete by AD due to duplicates. How to recover
from this?

Objective is to setup 2nd and 3rd DC, than decommission the PDC upgraded DC.
Forest already has 3 child domains promoted successfully from NT PDC.

Thanks for your help.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"DavidT" <DavidT@discussions.microsoft.com> wrote in message
news:82D8D616-EF97-48AB-B975-708150F7AA9F@microsoft.com...
> Upgraded NT PDC to Windows AD in a forest with other child domains. Than
> setup a Windows 2000 member server, run dcpromo to promote it as a 2nd
domain
> controller but failed with "Directory object not found" error. Check KB
and
> events log and confirmed that error is due to missing built-in
Administrator
> account - account seem to be delete by AD due to duplicates. How to
recover
> from this?

Is the Win2000 server running SP4? (Technically SP3 plus some hot fixes
is sufficient but there is practically zero reason to avoid SP4+).

What did the Event Log (System locally, or System andAD on the DC) say?

> Objective is to setup 2nd and 3rd DC, than decommission the PDC upgraded
DC.
> Forest already has 3 child domains promoted successfully from NT PDC.

Next step would be to review DNS and check on the Domain Naming
Master (allows domains into forest.)

DCDiag is your friend -- run on all DCs (regularly).

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Thanks for your help.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

"" wrote:
> Upgraded NT PDC to Windows AD in a forest with other child
> domains. Than
> setup a Windows 2000 member server, run dcpromo to promote it
> as a 2nd domain
> controller but failed with "Directory object not found" error.
> Check KB and
> events log and confirmed that error is due to missing built-in
> Administrator
> account - account seem to be delete by AD due to duplicates.
> How to recover
> from this?
>
> Objective is to setup 2nd and 3rd DC, than decommission the
> PDC upgraded DC.
> Forest already has 3 child domains promoted successfully from
> NT PDC.
>
> Thanks for your help.

I wonder how to do you get a duplicate administrator account

first check out if the administrator really is gone

use both the utils USER2SID and SID2USER (google)

Take an existing user and run:
USER2SID \<PDC> <existing user>

the output will be something like:
S-1-5-21-2023212167-3561086443-2747427212-11987
------------------------------------------------------- -------
domain sid rid

the administrator account has a RID of 500

so execute now
SID2USER \<PDC> 5 21 2023212167 3561086443 2747427212 500

this should let you see with account is the builtin administrator
account

Try this first

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/Active-Directory-object-found-dcpromo-ftopict402129.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330504

 

[davidt]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Thanks, will try this out. I did similar post in "Windows Server Active
Directory" (by mistake as I thought first post was unsuccessful) and gotten
good lead to go on. Question now is how to clean out the deleted
administrator id without screwing up AD. Thanks for your help.

"Jorge_de_Almeida_Pinto" wrote:

> "" wrote:
> > Upgraded NT PDC to Windows AD in a forest with other child
> > domains. Than
> > setup a Windows 2000 member server, run dcpromo to promote it
> > as a 2nd domain
> > controller but failed with "Directory object not found" error.
> > Check KB and
> > events log and confirmed that error is due to missing built-in
> > Administrator
> > account - account seem to be delete by AD due to duplicates.
> > How to recover
> > from this?
> >
> > Objective is to setup 2nd and 3rd DC, than decommission the
> > PDC upgraded DC.
> > Forest already has 3 child domains promoted successfully from
> > NT PDC.
> >
> > Thanks for your help.
>
> I wonder how to do you get a duplicate administrator account
>
> first check out if the administrator really is gone
>
> use both the utils USER2SID and SID2USER (google)
>
> Take an existing user and run:
> USER2SID \<PDC> <existing user>
>
> the output will be something like:
> S-1-5-21-2023212167-3561086443-2747427212-11987
> ------------------------------------------------------- -------
> domain sid rid
>
> the administrator account has a RID of 500
>
> so execute now
> SID2USER \<PDC> 5 21 2023212167 3561086443 2747427212 500
>
> this should let you see with account is the builtin administrator
> account
>
> Try this first
>
> --
> Posted using the http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL: http://www.windowsforumz.com/Active-Directory-object-found-dcpromo-ftopict402129.html
> Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1330504
>