
Active Directory 2012 installation stalls at the “Creating the NTDS settings object”

I recently ran into this issue with a customer when adding additional Server 2012 domain controllers to an existing domain. The steps below worked perfectly for me.

After you start Active Directory installation in Windows Server 2012 by using Server Manager or the AddsDeployment Windows PowerShell module, the installation stalls at the stage at which you receive the following message:

“Creating the NTDS Settings object for this Active Directory Domain Controller on the remote AD DC dc1.domain.com”

This issue occurs for one or more of the following reasons:
  • The server’s built-in Administrator account has the same password as the built-in domain Administrator account.
  • Neither the NetBIOS domain prefix nor the UPN was provided in the installation credentials. Instead, only the user name “Administrator” was provided.

To resolve this issue, follow these steps:

  1. Restart the server on which Active Directory could not be installed.
  2. Use Dsa.msc or Dsac.exe on an existing domain controller to delete the failed server’s computer account. (The failed server will not yet appear as a domain controller object, only as a member server.) Then, let Active Directory replication converge.
  3. On the failed server, forcibly remove the server from the domain by using the System Properties Control Panel item or netdom.exe.
  4. On the failed server, remove the Active Directory Domain Services (AD DS) role by using Server Manager or Uninstall-WindowsFeature.
  5. Restart the failed server.
  6. Install the AD DS role, and then try the promotion again. When you do this, make sure that you provide promotion credentials in the form “domain\user” or “user@domain.com.”
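
The same six steps as PowerShell, split by the machine each part runs on. This is an added example, not code from the original post; the function names, `corp.example.com` and `NEWDC01` are placeholder assumptions.

```powershell
# Added example. All names and values below are placeholders (assumptions).
$DomainFqdn   = 'corp.example.com'   # placeholder domain
$FailedServer = 'NEWDC01'            # placeholder name of the server whose promotion stalled

# Step 2 - run on an EXISTING domain controller (needs the ActiveDirectory module).
function Remove-StaleDcAccount {
    param([string]$Name)
    # Delete the failed server's computer account, including any child objects.
    Get-ADComputer -Identity $Name | Remove-ADObject -Recursive -Confirm:$false
    # Review replication health; wait until it reports no failures before continuing.
    repadmin /replsummary
}

# Steps 3-5 - run on the FAILED server, after the step 1 restart.
function Reset-FailedServer {
    param([string]$Domain)
    # Forcibly remove this machine from the domain.
    netdom.exe remove $env:COMPUTERNAME /domain:$Domain /force
    # Remove the AD DS role and restart.
    Uninstall-WindowsFeature -Name AD-Domain-Services -Restart
}

# Step 6 - run on the FAILED server after it has restarted.
function Invoke-Promotion {
    param([string]$Domain)
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    $cred = Get-Credential -Message 'Enter credentials as DOMAIN\user or user@domain'
    # Refuse a bare user name such as "Administrator": that is one of the
    # causes of the stall described above.
    $qualified = '^[^\\@]+\\[^\\@]+$|^[^\\@]+@[^\\@]+$'
    if ($cred.UserName -notmatch $qualified) {
        throw "Unqualified user name '$($cred.UserName)'. Use DOMAIN\user or user@domain."
    }
    # Prompts for the DSRM (safe mode) password, then promotes the server.
    Install-ADDSDomainController -DomainName $Domain -Credential $cred
}

# Call each function on the appropriate machine, in order:
#   Remove-StaleDcAccount -Name $FailedServer
#   Reset-FailedServer    -Domain $DomainFqdn
#   Invoke-Promotion      -Domain $DomainFqdn
```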


Categories: Active Directory
  1. March 11, 2014 at 10:03 pm

    Well, I just spent a full day trying to get around this bug, so I thought I’d leave my comments here in case the Microsoft / acadamis2000 workaround detailed above DOES NOT resolve this issue.

    If you still hang at the “Creating the NTDS settings object” after following steps 1-6 above, check the dcpromo logs (yes, they still have them even on Server 2012) here “%systemroot%\debug\dcpromo.log”. If you see something about failing to connect to the domain controller due to a DNS failure, you probably had the same issue I had. It turns out that the entire thing was hanging not because of a credentials issue (my first thought) but due to a simple DNS lookup error. I suspect it has something to do with the DC promo operation updating the DNS server and temporarily breaking it during the upgrade.

    Long story short, add a record to the hosts file on the machine that is failing to become a DC pointing to the existing DC that you’re trying to authenticate against and everything should work just fine. I actually added a record for both machines during the process and it went right through. You can delete these records afterwards.

    As a reminder, the hosts file is here:

    I added two records at the top that looked like this (note that pinging through DNS always worked for the same addresses…but somehow this made it work during the DC upgrade process): newdc.int.contoso.com existingdc.int.contoso.com

    Hope this helps…

  2. Richard Johansson
    April 30, 2014 at 11:00 am

    Thank you fulloutpullin! This did the trick for us with our Environment.
