| Author |
Message |
Guest
|
Posted: Thu Aug 30, 2007 2:14 am Post subject: Active Directory could not create the NTDS Settings object f |
|
|
Hi there guys!!!
I have an organisation that is currently running a Windows 2000
(native) AD domain. All domain controllers are running Windows 2000
with SP4 and have all of the most recent updates installed.
Recently, I tried promoting a Windows 2003 member server to a domain
controller, however I was presented with the following error message
shortly after clicking next on the summary screen within the active
directory installation wizard:
_________________________________________________________________________________
The operation failed because:
Active Directory could not create the NTDS Settings object for this
domain controller CN=NTDS
Settings,CN=M17FSRV,CN=Servers,CN=DomainnameHeadOffice,CN=Sites,CN=Configuration,DC=domainname,DC=co,DC=za
on the remote domain controller M15EXCH.domainname.co.za. Ensure the
provided network credentials have sufficient permissions.
"An attempt was made to modify an object to include an attribute that
is not legal for its class."
____________________________________________________________________________________
Additionally here is what the dcpromo.log comes up with:
_____________________________________________________________________________________
08/29 21:00:02 [INFO] Starting a replication cycle between
M15EXCH.domainname.co.za and the RID operations master
(s03w004.domainname.co.za), so that the new replica will be able to
create users, groups, and computer objects...
08/29 21:00:03 [INFO] Configuring the local domain controller to host
Active Directory
08/29 21:00:04 [INFO] Creating the NTDS Settings object for this
domain controller on the remote domain controller
M15EXCH.domainname.co.za...
08/29 21:00:04 [INFO] Error - Active Directory could not create the
NTDS Settings object for this domain controller CN=NTDS
Settings,CN=M17FSRV,CN=Servers,CN=DomainnameHeadOffice,CN=Sites,CN=Configuration,DC=domainname,DC=co,DC=za
on the remote domain controller M15EXCH.domainname.co.za. Ensure the
provided network credentials have sufficient permissions. (8317)
08/29 21:00:04 [INFO] NtdsInstall for domainname.co.za returned 8317
08/29 21:00:04 [INFO] DsRolepInstallDs returned 8317
08/29 21:00:04 [ERROR] Failed to install to Directory Service (8317)
08/29 21:00:13 [INFO] Starting service NETLOGON
______________________________________________________________________________________
From my experience in working on AD domains this is pretty much the
first time I have come across an 8317 error. I am hoping that some
EXPERT out there will be able to shed some light on this problem -
Seems to me this is a schema related issue.
Prior to the promotion attempt both the Windows 2003 adprep
/forestprep and /domainprep were run using an account that is part of
the schema administrators and enterprise administrators groups.
As I mentioned before, this is NOT a permission related issue. DNS
and all other tertiary backend systems and services are running 100%
without problem. DCDIAG and NETDIAG do NOT present me with any
problems.
I have looked on the net and gone through the Microsoft
knowledgebase with a fine-toothed comb without any luck. There are
very similar articles that do match part of the error in the above,
but do not come close in helping me resolve the problem.
Experts I would appreciate all the help I can get - 500 points will be
awarded to the victor!
Thanks
Nautilian |
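Added example (not part of the original post): a small Python parser for a dcpromo.log excerpt like the one above. It joins wrapped lines into entries and reports the first failing step, which in this log is recorded at [INFO] level rather than [ERROR]. The sample log is constructed from the posted lines with the DN shortened, and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: entries taken from the dcpromo.log excerpt in the post
# above, with the DN shortened; long entries wrap onto continuation lines.
SAMPLE_LOG = """\
08/29 21:00:04 [INFO] Error - Active Directory could not create the
NTDS Settings object for this domain controller CN=NTDS
Settings,CN=M17FSRV,CN=Servers,CN=Sites,CN=Configuration,DC=domainname,DC=co,DC=za
on the remote domain controller M15EXCH.domainname.co.za. Ensure the
provided network credentials have sufficient permissions. (8317)
08/29 21:00:04 [INFO] NtdsInstall for domainname.co.za returned 8317
08/29 21:00:04 [ERROR] Failed to install to Directory Service (8317)
08/29 21:00:13 [INFO] Starting service NETLOGON
"""

ENTRY_START = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] (.*)$")
# A status code appears either as "(8317)" or as "returned 8317" at the end.
STATUS_CODE = re.compile(r"(?:\((\d+)\)|returned (\d+))\s*$")

class Entry(NamedTuple):
    timestamp: str
    level: str
    message: str
    code: Optional[int]

def parse_dcpromo_log(text: str) -> list[Entry]:
    """Join wrapped lines into entries and pull out trailing status codes."""
    raw: list[list[str]] = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            raw.append([m.group(1), m.group(2), m.group(3).strip()])
        elif raw and line.strip():
            raw[-1][2] += " " + line.strip()   # continuation of previous entry
    entries = []
    for ts, level, msg in raw:
        c = STATUS_CODE.search(msg)
        code = int(c.group(1) or c.group(2)) if c else None
        entries.append(Entry(ts, level, msg, code))
    return entries

def first_failure(entries: list[Entry]) -> Optional[Entry]:
    """First [ERROR] entry or first entry carrying a non-zero status code."""
    # The failing step here is logged at [INFO], so level alone would miss it.
    for e in entries:
        if e.level == "ERROR" or (e.code is not None and e.code != 0):
            return e
    return None
```
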
Manu Guest
|
Posted: Fri Aug 31, 2007 12:29 am Post subject: Re: Active Directory could not create the NTDS Settings obje |
|
|
Have you already extended the schema for windows server 2003, domain prep and
forest prep?
"Jorge Silva" wrote:
| Quote: | I didn't find too much information about this specific error, maybe if you
search for other errors that may help to identify other existing problems,
dcdiag and netdiag are good for checking configuration problems, you should
also search for event log errors that indicate replication problems with
some attributes, at last you can do a repair on the database by running
ntdsutil, and do a semantic check.
Also check this link (doesn't sound like your problem, but... we never know....)
http://blogs.dirteam.com/blogs/jorge/archive/2006/08/27/Incorrect-_2600_quot_3B00_userAccountControl_2600_quot_3B00_-Attribute-value-causes-error-when-running-DCDIAG-or-during-promotion-of-a-server-to-a-DC.aspx
Let me know if you come up with some conclusions.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Algreco" <nicola@iafrica.com> wrote in message
news:1188500465.624011.245260@q4g2000prc.googlegroups.com...
Hi there once again
-DNS is configured correctly with ip addresses pointing to domain
controllers with DNS integrated zones.
-No server with same name is listed - AS the error states "Active
Directory could not create the NTDS Settings object for this
domain controller CN=NTDS
Settings,CN=M17FSRV,CN=Servers,CN=DomainnameHeadOffice,CN=Sites,CN=Configuration,DC=domainname,DC=co,DC=za
on the remote domain controller M15EXCH.domainname.co.za"
-All permissions have been checked and verified across site hierarchy.
Current account is part of the enterprise admins, domain admins, and
schema admins groups.
Seems to me that this is more of a schema related issue. Especially if
you look at this part of the error message:
"An attempt was made to modify an object to include an attribute that
is not legal for its class."
Any other ideas?