Dcpromo.exe Does Not Work if the Domain Naming Master Is Not a Global Catalog (315850)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
This article was previously published under Q315850

SYMPTOMS

When you are running Dcpromo.exe to create a grandchild domain, the operation may not work if the domain controller that holds the domain naming master FSMO role is not a Global Catalog server. Dcpromo.exe creates the Dcpromo.log and Dcpromoui.log files which are saved in the %systemroot%\Debug folder, and the Dcrpromo.log file may have the following error message entry:
01/04 15:29:48 [INFO] Error - The Directory Service failed to create the object CN=new grandchild domain name,CN=Partitions,CN=Configuration,DC=root domain name,DC=com. Please check the event log for possible system errors. (8495)
01/04 15:30:02 [INFO] NtdsInstall for new grandchild domain name.root domain name.com returned 8495
01/04 15:30:02 [INFO] DsRolepInstallDs returned 8495
01/04 15:30:02 [ERROR] Failed to install the directory service (8495)

Pop-up error message may appear on your screen with the following description.

The operation failed because:

The Directory Service failed to create the object CN=new grandchild domain name,CN=Partitions,CN=Configuration,DC=root domain name,DC=com. Please check the event log for possible system errors.

The directory cannot validate the proposed naming context name because it does not hold a replica of the naming context above the proposed naming context. Please ensure that the domain naming master role is held by a server that is configured as a global catalog server, and that the server is up to date with its replication partners.
Note that the dates and times in the preceding entry will vary.

CAUSE

The domain naming master role is assigned to the first domain controller in the forest. At the same time, all of the FSMO roles are assigned to this domain controller along with a global catalog role. If this global catalog function is removed or transferred from the domain controller that holds a domain naming master role, Dcpromo.exe does not work, and generates an error 8495 when you create a grandchild domain.

RESOLUTION

To resolve this issue:
  1. Identify which domain controller has a domain naming master role:
    1. Start Active Directory Domains and Trusts.
    2. Right-click the domain object, and then click Operation Master.
    3. You can now see which domain controller has a domain naming master role.
  2. Identify if that domain controller is a global catalog server:
    1. Start Active Directory Sites and Services.
    2. Expand a site that this domain controller belongs to.
    3. Expand the Servers folder.
    4. Expand the domain controller object.
    5. Right-click NTDS Settings, and then click Properties.
    6. Click to select the Global Catalog check box. If it is unchecked, check it again. Make sure that this change replicates to all domain controllers.

MORE INFORMATION

The domain controller that has the domain naming master role is the only domain controller that can add new domains to the forest or remove existing domains from the forest. At any time, there can be only one domain naming master in the forest. If the domain naming master is unavailable, you cannot add or remove domains. You can transfer the domain naming master role to another domain controller.
Modification Type:MajorLast Reviewed:12/3/2003
Keywords:kbenv kberrmsg kbprb KB315850
©2003 Microsoft Corporation. All rights reserved.