Event ID 12298 — Domain Controller Account
Applies To: Windows Server 2008 R2
.jpg)
Domain controllers use the machine account of other domain controllers for authentication. Domain controllers must authenticate with each other before they can communicate with each other.
Event Details
| Product: | Windows Operating System |
| ID: | 12298 |
| Source: | SAM |
| Version: | 6.0 |
| Symbolic Name: | SAMMSG_DC_NEEDS_TO_BE_COMPUTER |
| Message: | The account %1 cannot be converted to be a domain controller account as its object class attribute in the directory is not computer or is not derived from computer. If this is caused by an attempt to install a pre Windows 2000 domain controller in a Windows 2000 domain or later, then you should precreate the account for the domain controller with the correct object class. |
Resolve
Create the domain controller account
The Security Accounts Manager (SAM) could not create the domain controller account. Create an account for the domain controller in the Domain Controller organizational unit (OU). Perform the following procedure using a domain member computer with the domain administrative tools installed.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To create the computer account in the Domain Controllers OU:
- Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- Expand the domain object, if necessary.
- Right-click the Domain Controllers OU, click New, and then click Computer. The New Object - Computer dialog box appears.
- In Computer name, type the name of the computer that you want to be a domain controller, and then click OK.
Verify
When a computer is promoted to domain controller, a computer account for that computer appears in the Domain Controllers organizational unit (OU). Perform the following procedure using a domain member computer that has domain administrative tools installed.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To verify that the computer account is in the Domain Controllers OU:
- Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then click OK. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- Double-click the domain object, and then click the Domain Controllers OU. Ensure that the computer account is in this container.