Archive for April, 2013

Active Directory 2012 installation stalls at “Creating the NTDS Settings object”

April 2, 2013

I recently ran into this issue with a customer when adding additional Server 2012 domain controllers to an existing domain. The steps below worked perfectly for me.

After you start Active Directory installation in Windows Server 2012 by using Server Manager or the AddsDeployment Windows PowerShell module, the installation stalls at the stage at which you receive the following message:

“Creating the NTDS Settings object for this Active Directory Domain Controller on the remote AD DC”

This issue occurs for one or more of the following reasons:
  • The server’s built-in Administrator account has the same password as the built-in domain Administrator account.
  • Neither the NetBIOS domain prefix nor the UPN was provided in the installation credentials. Instead, only the user name “Administrator” was provided.

To resolve this issue, follow these steps:

  1. Restart the server on which Active Directory could not be installed.
  2. Use Dsa.msc or Dsac.exe on an existing domain controller to delete the failed server’s computer account. (Because promotion did not complete, the account is still a member server object, not a domain controller object.) Then, let Active Directory replication converge.
  3. On the failed server, forcibly remove the server from the domain by using the System Properties Control Panel item or netdom.exe.
  4. On the failed server, remove the Active Directory Domain Services (AD DS) role by using Server Manager or Uninstall-WindowsFeature.
  5. Restart the failed server.
  6. Install the AD DS role, and then try the promotion again. When you do this, make sure that you provide promotion credentials in the form “domain\user” or “”
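A guard for step 6, as an added example that is not from the original post: it refuses to start the promotion unless the credential's user name carries a NetBIOS domain prefix or a UPN suffix. The function names and the values `CONTOSO` and `corp.contoso.example` are hypothetical placeholders.

```powershell
# Added example, not from the original post. Run on the server being promoted,
# after steps 1-5 are complete.

function Test-QualifiedUserName {
    param([Parameter(Mandatory)][string]$UserName)
    # Accept DOMAIN\user (NetBIOS prefix) or user@domain (UPN).
    # A bare name such as "Administrator" (or "\Administrator") is rejected.
    $netbiosForm = '^[^\\@\s]+\\[^\\@\s]+$'
    $upnForm     = '^[^\\@\s]+@[^\\@\s]+$'
    return ($UserName -match $netbiosForm) -or ($UserName -match $upnForm)
}

function Install-ReplicaDomainController {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][securestring]$SafeModePassword
    )

    # Stop before anything is changed if the credential is unqualified.
    if (-not (Test-QualifiedUserName -UserName $Credential.UserName)) {
        throw "Credential '$($Credential.UserName)' has no domain prefix or UPN suffix."
    }

    # Step 6: install the AD DS role, then promote.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
    Import-Module ADDSDeployment

    Install-ADDSDomainController -DomainName $DomainName `
        -Credential $Credential `
        -SafeModeAdministratorPassword $SafeModePassword `
        -InstallDns
}

# Usage (constructed placeholder values):
# $cred = Get-Credential -UserName 'CONTOSO\Administrator' -Message 'Promotion credential'
# $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
# Install-ReplicaDomainController -DomainName 'corp.contoso.example' `
#     -Credential $cred -SafeModePassword $dsrm
```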

Categories: Active Directory

Windows Server 2012 Remote Group Policy Update

We have all been there before: making a setting on a GPO and wanting to test or enforce that setting on the machine we made a change on. Before Windows Server 2012, most of us went to that machine, opened the command prompt, and ran “gpupdate /force”. It was kind of annoying to have to get on each machine or wait for the refresh interval.

Now in Windows Server 2012, there is a new built-in Remote Group Policy Update feature that allows you to refresh group policy on computers that live inside a specific organizational unit. We can do this by making our change to the GPO, going to the OU in the Group Policy Management Console, right-clicking the OU, and selecting “Group Policy Update”.


This triggers the gpupdate to run on the computers in the OU without having to remote into any machine. The next screen will tell you that you have chosen to run the Group Policy update on all computers in the selected OU. Clicking Yes will run the gpupdate on the machines.


That’s it, just another handy little new feature that has been added to Windows Server 2012.

Categories: Active Directory