ADPrep Execution Failure

Question

I am trying to promote a virtual machine (10.0.0.242) to a domain controller, but I keep receiving this error:

---

ADPrep execution failed --> Microsoft.DirectoryServices.Deployment.ADPrepLdapException: No Such Object. Server extended error: 8333. Server extended message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:

DC=contoso,DC=com

.

Adprep was unable to modify the security descriptor on object CN=Keys,DC=contoso,DC=com.

[Status/Consequence]

ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).

[User Action]

Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240617114221 directory for more information..

Check the log files in the C:\Windows\debug\adprep\logs\20240617114221 directory for detailed information.

---

My current dc (10.0.0.241) is a physical server running 2016 standard. The virtual machine/server I am trying to promote is running server 2022 standard.

• Both servers can ping each other
• Both servers are on the same subnet
• Both servers have their DNS set to 10.0.0.241
• Schema is set to 88 on my current dc
• No replication errors are shown on my current dc
• I was able to promote a test physical server to a domain controller. I have cleared that server from the domain

Any help to figure out why this happening or how to fix it would be greatly appreciated. I can provide all logs, ipconfigs, replsum, etc.. to whoever wants to help.