7,023 questions
You should use an admin account member of domain admins group to promote an additional domain controller.
Please don't forget to accept helpful answer
Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 67%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYP%3C/text%3E%3C/svg%3E)
Yateen Pawar
0
Reputation points
I am trying to add Windows Server 2019 as an additional AD server. When I try to promote the new server, I get the following error message:
The operation failed because:
Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=XXX ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XXX,DC=LOCAL on the remote AD DC XXX.XXX.LOCAL. Ensure the provided network credentials have sufficient permissions. "The Directory Service cannot perform the requested operation because a domain rename operation is in progress."
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Thameur-BOURBITA 36,261 Reputation points Moderator2024-11-17T23:40:15.1233333+00:00
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 92%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYL%3C/text%3E%3C/svg%3E)
Yanhong Liu 14,200 Reputation points Microsoft External Staff2024-11-18T08:21:49.2+00:00 Hello,
The error message indicates that the NTDS Settings object could not be created, and it mentions that a domain rename operation is in progress. Here are some steps you can take to troubleshoot and resolve this issue:
1.Check Domain Rename Status:
Ensure that there is no ongoing domain rename operation. You can check this by running the command:
repadmin /replsummary
If a rename is in progress, you may need to wait for it to complete or cancel it if it's stuck.
2.Verify Permissions:
Ensure that the account you are using to promote the new DC has sufficient permissions. The account should be a member of the Enterprise Admins or Domain Admins groups.
You can also check the effective permissions using ADSI Edit:
Open adsiedit.msc.
Navigate to the domain partition and check the permissions for your user account.
3.Remove Failed DC Accounts:
If the promotion attempt created a computer account for the new DC, you may need to delete it:
Use Active Directory Users and Computers or Active Directory Sites and Services to find and remove any failed DC accounts.
4.Restart the Server:
Sometimes, simply restarting the server can resolve transient issues.
5.Check for Existing NTDS Settings:
Ensure that there are no existing NTDS Settings objects that might conflict with the new DC. You can check this in Active Directory Sites and Services.
6.Review Event Logs:
Check the Event Viewer on both the new server and the existing DCs for any related error messages that might provide more context.
Best Regards,
Yanhong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.