The following table reviews common problems with Active Directory installations and the possible solutions.
| Symptom or error | Root cause | Solution |
|---|---|---|
| Network location cannot be reached. | Network connectivity problems. | Verify network connectivity. |
| Active Directory Installation Failed: The operation failed with the following error: The system cannot find the file specified. | This error message can be caused by one or more of the following conditions:<br>- The default Ntds.dit file is missing or not correctly located in the `%SystemRoot%\System32` folder.<br>- Incorrect permission on the default Ntds.dit file.<br>- Incorrect permissions on an existing NTDS folder structure. | See Access Denied Error for more information. |
| The wizard cannot gain access to the list of domains in the forest. The error is: The specified domain either does not exist or could not be contacted. | This problem can occur if a domain controller in the domain has not registered an "A" record for itself in DNS. | Add the A record for the domain controller with the `ipconfig /registerdns` command. Flush the DNS cache on the computer running the Active Directory Installation Wizard by using the `ipconfig /flushdns` command. For more information, see Troubleshooting Active Directory-Related DNS Problems. |
| DCPromo fails with an "invalid parameter" error. | In the Active Directory Installation Wizard, the administrator entered either a single-label or multilabel Network Basic Input/Output System (NetBIOS) name (such as CORP or CORP.COM) that is identical to the Active Directory domain name, or entered a name that is already in use on the network. | Use a NetBIOS name that does not conflict with other computers or domains on the network. |
| Error Message: The specified domain either does not exist or could not be contacted. | DNS problems might be preventing name resolution for the source domain controller.<br>This issue can occur because the SYSVOL directory is not shared out on the domain controller that will be used to source Active Directory. | See Troubleshooting Active Directory-Related DNS Problems to resolve DNS issues.<br>Share out the SYSVOL directory. To verify that the SYSVOL directory is shared out, use the `net share` command to see if the SYSVOL share is showing. By default, the SYSVOL share is located in the following folder: `%SystemRoot%\Sysvol\Sysvol`. |
| The operation failed because: Failed to modify the necessary properties for the machine account `%computername%$` "Access Denied". | Source domain controller is not trusted for delegation. | Use the methods for troubleshooting the "access denied" error messages in the Active Directory Installation Wizard. You will learn more about this in the later topic. |
| The operation failed because: To perform the requested operation, the directory service needs to contact the Domain Naming Master (server `<servername>`). The attempt to contact it failed. The specified server cannot perform the requested operation. | Servers that are being promoted to domain controllers might generate this error message when they are unable to contact the domain naming master role holder during promotion. This happens while creating the first domain controller in a new child domain or in a new tree in an existing forest. | See Domain Naming Master Errors in Active Directory Installation Wizard. |
| Active Directory Installation Failed. The operation failed because: The Directory Service failed to create the object `CN=<servername>,CN=Partitions,CN=Configuration,DC=<domain controller>`. | Servers that are being promoted to domain controllers might generate this error message when they are unable to contact the domain naming master role holder during promotion. | See Domain Naming Master Errors in Active Directory Installation Wizard. |
| The replication system encountered an internal error. | - | See Microsoft Knowledge Base Article: Internal Error Running Dcpromo.exe. |
| Missing SYSVOL and NETLOGON shares. | Missing NETLOGON and SYSVOL shares typically occur on additional domain controllers in an existing domain but can also occur on the first domain controller in a new domain. | Verify that the Net Logon service is running. Also see Monitoring and Troubleshooting the File Replication Service. |
| An LDAP read of operational attributes failed. | The domain naming master for the forest is offline or cannot be contacted. | Make the current domain naming master accessible. If necessary, see Seize operations master roles. |
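
Several root causes in the table can be checked before the wizard is run. The PowerShell script below is an added example, not part of the original page: it tests connectivity, the source domain controller's A record, the SYSVOL and NETLOGON shares, the local Net Logon service, and the domain naming master. Both host names are placeholders, and a successful TCP connection to port 389 (LDAP) is an assumed stand-in for "the domain naming master can be contacted".

```powershell
# Added example: pre-promotion checks for causes listed in the table above.
# Assumption: both host names are placeholders; replace them with your own.
param(
    [string]$SourceDc           = 'dc01.corp.example',  # hypothetical source DC
    [string]$DomainNamingMaster = 'dc01.corp.example'   # hypothetical role holder
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Passed, [string]$IfFailed) {
    $hint = ''
    if (-not $Passed) { $hint = $IfFailed }   # show the table's fix only on failure
    $results.Add([pscustomobject]@{ Check = $Check; Passed = $Passed; Hint = $hint })
}

# "Network location cannot be reached": basic connectivity to the source DC.
$ping = Test-Connection -ComputerName $SourceDc -Count 1 -Quiet
Add-Result 'Source DC reachable' $ping 'Verify network connectivity.'

# "Domain does not exist or could not be contacted": the DC needs an A record.
$a = Resolve-DnsName -Name $SourceDc -Type A -ErrorAction SilentlyContinue |
     Where-Object { $_.Type -eq 'A' }
Add-Result 'Source DC has an A record' ($null -ne $a) `
    'Run ipconfig /registerdns on the DC, then ipconfig /flushdns here.'

# SYSVOL and NETLOGON must be shared out on the source DC.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    $ok = Test-Path -Path "\\$SourceDc\$share"
    Add-Result "$share share visible" $ok `
        "Run 'net share' on the DC and verify that Net Logon is running."
}

# Net Logon on the machine where this script runs.
$svc = Get-Service -Name Netlogon -ErrorAction SilentlyContinue
Add-Result 'Local Net Logon running' ($svc.Status -eq 'Running') `
    'Start the Net Logon service.'

# Domain naming master: TCP 389 reachability (assumed proxy for "contactable").
$ldap = Test-NetConnection -ComputerName $DomainNamingMaster -Port 389 `
            -InformationLevel Quiet -WarningAction SilentlyContinue
Add-Result 'Domain naming master answers on 389' $ldap `
    'Make the current domain naming master accessible.'

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }   # non-zero exit on any failure
```

Run it on the server that is about to be promoted; a row with `Passed` set to `False` points to the matching solution in the table.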