This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 99%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Hello,
I'm trying to promote a 2016 server to a DC in an existing forest.
The current DC is a 2016 server.
When I attempt to do this, it states that ADprep cannot modify security descriptor CN=Keys
And to grant access to infrastructure master.
The account I am using has all permissions, domain admin, schema admin, enterprise admin etc.
Verified all permissions for the Schema is allowed as well for the account.
Any advisement here? I have no idea what else to try.
[2024/09/18:08:12:17.909]
Adprep was unable to modify the security descriptor on object CN=Keys,DC=,DC=local.
[Status/Consequence]
ADPREP was unable to merge the existing security descriptor with the new access control entry (ACE).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20240918081217 directory for more information.
[2024/09/18:08:12:17.909]
Adprep encountered an LDAP error.
Error code: 0x20. Server extended error code: 0x208d, Server error message: 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=,DC=local'
DSID Info:
DSID: 0x180e0a0a
ldap error = 0x20
NT BUILD: 20348
NT BUILD: 2520
[2024/09/18:08:12:17.909]
Adprep was unable to update domain information.
[Status/Consequence]
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Refer to https://www.youtube.com/watch?v=J-4RMzvir2I
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
This was already done, doesnt work
This was already tried, it doesnt work
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 92%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYL%3C/text%3E%3C/svg%3E)
Hello
Thank you for posting in Q&A forum.
Adprep was unable to modify the entry due to a lack of permissions for CN=Keys, DC=<your domain>, DC=local. This indicates that you do not have the necessary permissions for this location.
You can follow these steps to resolve the issue:
Best regards
Yanhong
=====================================
If the answer is helpful, please click "Accept answer" and upvote it