JSI Tip 4257. Dcpromo generates 'The system cannot find the file specified' or 'Access is denied'?


When you run Dcpromo, your receive one of the following:

Active Directory Installation Failed:
The operation failed with the following error:
The system cannot find the file specified. 

New Credentials.
The operation failed with the following error: "Access is denied". 
These error messages can be caused by one or more of the following conditions: 
The absence of the default Ntds.dit file.

Incorrect permission on the default Ntds.dit file.

Incorrect permissions on an existing NTDS folder structure.
When you install a Windows 2000 server, regardless of the product or its role, a model Ntds.dit files is located at %SystemRoot%\System32. When you promote a server, the actual Ntds.dit file is created at %SystemRoot%\Ntds.

If you received the The system cannot find the file specified message, the %SystemRoot%\System32\Ntds.dit (default) file is missing. The simplest fix is to expand Ntds.di_ from any server CD.

NOTE: Check the %SystemFolder%\Debug\Dcpromo.log to see if this was the problem.

If you receive the Access is denied error, verify that the following permissions are set:

System32\Ntds.dit 
BUILTIN\Users:             Read \[RX\]
BUILTIN\Power Users:       Read \[RX\]
BUILTIN\Administrators:    Full Control \[ALL\]
NT AUTHORITY\SYSTEM:       Full Control \[ALL\]
Everyone:                  Read \[RX\] 

%SystemRoot%\Ntds
BUILTIN\Users:             Special Access \[RX\]
BUILTIN\Power Users:       Special Access \[RWXD\]
BUILTIN\Administrators:    Special Access \[A\]
NT AUTHORITY\SYSTEM:       Special Access \[A\]
CREATOR OWNER:   

%SystemRoot%\Ntds\Drop  (only if \Drop exists)
BUILTIN\Users:             Special Access \[RX\]
BUILTIN\Power Users:       Special Access \[RWXD\]
BUILTIN\Administrators:    Special Access \[A\]
NT AUTHORITY\SYSTEM:       Special Access \[A\]
CREATOR OWNER:             Special Access \[A\]
NOTE: Check the %SystemFolder%\Debug\Dcpromo.log to see if this was the problem.

NOTE: After successful promotion, the following permissions should exist:

%SystemRoot%\Ntds
NT AUTHORITY\SYSTEM:       Special Access \[A\]
BUILTIN\Administrators:    Special Access \[A\]

%SystemRoot%\Ntds\Drop
NT AUTHORITY\SYSTEM:       Special Access \[A\]
BUILTIN\Administrators:    Special Access \[A\]


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish