Why can't I access the Microsoft Management Console (MMC) Active Directory (AD) snap-ins in Windows 2000 and later?

A. When you attempt to use the Active Directory Users and Computers snap-in, Active Directory Sites and Services snap-in, or Active Directory Domains and Trusts snap-in, you might receive one of the following errors:

  • "Naming information cannot be located because: Logon attempt failed. Contact your system administrator to verify that your domain is properly configured and is currently online."
  • "The configuration information describing this enterprise is not available. The logon attempt failed."

These errors can occur if your security settings have been corrupted. To repair these settings, perform the following steps:

  1. Start a command session--go to Start, Run and type
  2. Enter the commands
    secedit /configure /cfg %systemroot%\repair\secsetup.inf /db secsetup.sdb
    secedit /configure /cfg %systemroot%\repair\secdc.inf /db secdc.sdb
  3. Close the command session.

The commands can take in excess of 10 minutes to process, so be patient. If you receive the following warning about a task that the system couldn't complete, you can safely ignore the warning:

"Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried. It's ok to ignore.
See log %windir%\security\logs\scesrv.log for detail info."
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.