0

I want to add a new RODC to an existing domain.
The new RODC is a Server 2012R2 and the existing domain is a 2008R2 domain.
The firewall on both sites is offline and both can reach each other per ping and DNS.
When I want to promote the 2012R2 Server the following error code appears:

test.verfiyadprepcredential.adprep.win32exception. -2147467259

Furthermore the RPC-service runs, too. I haven't found any suitable
information on the internet, yet . Any suggestions?
Thanks in advance.

mushr00mer1990
  • 351
  • 4
  • 14

1 Answers1

0

Do you already have other RODC's in the domain? If not, do you know if adprep /rodcprep has been run in the forest? RODC's need to be enabled before they can be built. You can query this as follows with powershell:

get-adobject "CN=ActivedirectoryRodcUpdate,CN=ForestUpdates,CN=Configuration,DC=your,DC=forest,DC=name" -prop revision

The attribute should exist and have Revision=2. If you get a Directory object not found it means RODCPrep was never run. This technet doc shares more info on running RODCPrep https://technet.microsoft.com/en-us/library/cc771055(v=ws.10).aspx You will need to be use an account that is memeber of Enterprise Admins to run RODCPrep.

Clayton
  • 4,523
  • 17
  • 24
  • There is no RODC in the domain. I ran adprep without any errors. But the query wasn't sucsessful. The cmdlet could not be found. I couldn't even use "import activedirectory" because the import cmdlet wasn't found. Additional information: The other domain controller is a 2011 small business server. – mushr00mer1990 Jun 07 '17 at 08:53
  • Small Business Server 2011 is a different product. The "essentials" supports 25 users and "premium" maxes out with 75 users. With that small a user base I don't know why you'd bother with a RODC. Did you try running DCPromo again after `adprep /rodcprep`? In the future use the `windows-sbs-2011` tag on your posts. – Clayton Jun 07 '17 at 15:59
  • Indeed it is. I didn't notice it directly. Otherwise I would have tagged it correctly. I am sorry for this. After the adprep /rodcprep command I tried running DCPromo again. But the same error occured again. – mushr00mer1990 Jun 08 '17 at 13:25
  • Is the server your trying to promo built with 2012 R2 media, or SBS 2011 media? You probably cannot promo a server built with 2012 R2 media to a SBS 2011 domain. That or `test.verfiyadprepcredential.adprep.win32exception` sounds like you're not using a credential with enough privileges to run the DC Promo. – Clayton Jun 08 '17 at 14:28