ADPrep cannot modify security descriptor - Promote DC issues

Seth Bolin 0 Reputation points
2024-09-19T20:22:33.4866667+00:00

Hello,

I'm trying to promote a 2016 server to a DC in an existing forest.

The current DC is a 2016 server.

When I attempt to do this, it states that ADprep cannot modify security descriptor CN=Keys

And to grant access to infrastructure master.

The account I am using has all permissions, domain admin, schema admin, enterprise admin etc.

Verified all permissions for the Schema is allowed as well for the account.

Any advisement here? I have no idea what else to try.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,073 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,536 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Marcin Policht 24,035 Reputation points MVP
    2024-09-19T21:18:16.83+00:00

    Refer to https://www.youtube.com/watch?v=J-4RMzvir2I


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. Yanhong Liu 9,680 Reputation points Microsoft Vendor
    2024-09-23T09:03:43.1633333+00:00

    Hello

    Thank you for posting in Q&A forum.

    Adprep was unable to modify the entry due to a lack of permissions for CN=Keys, DC=<your domain>, DC=local. This indicates that you do not have the necessary permissions for this location.

    You can follow these steps to resolve the issue:

    1. Log on to the Domain Controller as an administrator.
    2. Open Active Directory Users and Computers.
    3. You will see an OU named "Keys."
    4. Right-click on this OU, select "Properties," and then go to the "Security" tab.
    5. Grant the necessary permissions to the user running Adprep.

    Best regards

    Yanhong

    =====================================

    If the answer is helpful, please click "Accept answer" and upvote it

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.