Active Directory Installation and Removal Issues

To install and remove Active Directory, the Active Directory Installation Wizard (Dcpromo) is used. It is important that certain requirements are met to prevent an unsuccessful installation and removal of Active Directory in an enterprise. These requirements include planning for sufficient storage capacity, time synchronization, domain controller availability, DNS configuration, and administrator access permissions. Also, there are specific troubleshooting techniques that you can follow if you do encounter errors when installing and removing Active Directory. Some of the common problems you might encounter are the following:

• You cannot reach the server from which you are installing, perhaps because the DNS name is not registered yet.
• The name of the domain you are authenticating against is incorrect or not available yet.
• The user name and password you supplied are incorrect.
• The DNS server settings are not configured correctly

The recommended ways to diagnose and resolve these problems :

• Check the Event Viewer for specific errors related to Active Directory Installation Wizard on all domain controllers within the domain. For more information on examining Event Viewer messages , see "Network Connectivity" in this chapter.
• Wait and allow enough time for replication to occur on all domain controllers within the domain. For more information on diagnosing replication issues, see "Replication Issues" in this chapter.
• Check network connectivity. For more information on diagnosing and resolving network connectivity problems, see "Network Connectivity" in this chapter.
• Check for name conflicts. For more information on diagnosing and resolving naming conflicts, see "Name Resolution" in this chapter.

Note

Whenever you encounter errors running the Active Directory Installation Wizard (Dcpromo.exe), examine the Dcpromoxx.log files. These files (Dcpromo.log and Dcpromoui.log) are located in the %SystemRoot%\debug folder. For more information about examining Active Directory Installation log files , see "Troubleshooting Active Directory Installation Wizard Errors" in this chapter.

Ensuring Sufficient Disk Space

To avoid any problems with installing or removing Active Directory, it is important to confirm that you have sufficient disk space on the network drives that are going to be configured to host the directory information tree (DIT) and log files.

The Active Directory Installation Wizard requires 200 megabytes (MB) of disk space for the Active Directory database and 50 MB for the ESENT transaction log files. File size requirements for the Active Directory database and log files are calculated by the Dssize tool. This is dependent on the number and type of objects in the domain database or databases held by the forest if the computer is serving as a Global Catalog server.

Ensuring Time Synchronization

The Kerberos v5 authentication protocol time synchronization between domain controllers and stand-alone servers defaults to five minutes of each other. Use the net time command to synchronize the time of the server that is being promoted with the domain controller from which you are holding the directory partition.

Note

By default, time synchronization is done automatically.

Active Directory Installation Operations Master Requirements

The Domain Naming Master server must be available when a Windows 2000 Server attempts to join an existing tree by creating a new domain.

Note

For an additional domain controller installation, the domain naming operations master is not needed.

To determine operations master availability, use the Active Directory Users and Computers console and the Active Directory Domains and Trusts console. You can also use the Ntdsutil tool to determine operations master availability and server location.

For more information about operations master roles, see "Managing Flexible Single-Master Operations" in this book.

Confirming DNS Configuration

To test the DNS configuration paths in the Active Directory Installation Wizard, type ipconfig /release at the command prompt, and then start the Active Directory Installation Wizard. This causes the wizard to run as if DNS is not properly configured. You cannot use the wizard to continue until it detects a valid DNS setup. To simulate completion of the configuration, run ipconfig /renew in another process, and then return to the Active Directory Installation Wizard.

Privileges Needed to Add an Additional Domain Controller

To install an additional domain controller, an administrator who is a member of the Built-in [administrators] group (for example, Enterprise Admins and Domain Admins) on your domain controller must have the "enable computer and user accounts to be trusted for delegation" privilege. This is necessary so that during the installation of Active Directory, the computer account canbe trusted for delegation.

Note

By default, the delegation privilege is provided to the Built-in [administrators] group.

The Active Directory Installation Wizard attempts to enable the computer account to be trusted for delegation for an install of an additional domain controller. However, there might be situations where the "enable computer and user accounts to be trusted for delegation" privilege is not provided by default to the Built-in [administrators] group. In that case, the security configuration engine must correct the this privilege problem before the Active Directory Installation Wizard can successfully run or you manually need to give the priviledge to a computer account.

To give the "enable computer and user accounts to be trusted for delegation" privilege to a computer account

1. Open the Active Directory Users and Computers console.
2. Expand and right-click Domain Controllers, Properties, and the Group Policy tab.
3. Modify the "default domain controllers policy" Group Policy object, computer configuration, windows settings, security settings, local policies, user rights assignments and open "enable computer and user accounts to be trusted for delegation."
4. Add the account you want to use for the domain controller promotion process or group of which it is a member.

Operations Master Availability Requirements

During the installation of Active Directory, there are requirements that must be met by the servers that hold certain operations master roles.

Domain Naming Master Operations Master Role Holder

The Domain Naming Master operations master role must be available by RPC when installing a new domain in an existing forest.

Failure to access the Domain Naming Master operations master role holder during the installation of Active Directory for a new domain generates an error such as this:

To perform the requested operation, the Directory Service needs to contact the

Domain Naming Master (server reskit.com).  The attempt to contact it failed.

"The RPC server is unavailable"

The text message is a win32 error message indicating why the network operation to reskit.com failed

If you receive the preceding error message, it is recommended that you verify the following:

• Verify that network connectivity is present.
• Verify that the Domain Naming Master operations master role owner is available.
• Verify that LDAP records are correctly located on the DNS server for the domain controllers in the root domain.
• Verify that the domain controllers in the root domain are time synchronized within five minutes of each other.
• Verify that the IP configuration on domain controllers in the parent and child domains are correct and are using the same DNS server.

Note

Flush the DNS cache to verify that the DNS entries are correct. The command to use is ipconfig /flushdns.

Removing Data in Active Directory After an Unsuccessful Removal of Active Directory

As part of the removal of Active Directory from a domain controller, the Active Directory Installation Wizard removes the configuration data for the domain controller from Active Directory. This data takes the form of the NTDS Settings object, which exists as a child of the server object (cn=NTDS Settings,cn=<serverName>,cn=Servers,cn=<siteName>,cn=Sites,cn=Configuration,dc=forestRootDomain). You can view these objects in the Sites container in the Active Directory Sites and Services console.

The attributes of the NTDS Settings object include data that represent how the domain controller is identified to its replication partners, the directory partitions that are maintained on the computer, whether or not the domain controller is a Global Catalog server. The NTDS Settings object is also a container that can have child objects that represent the domain controller's direct replication partners. This data is required for the domain controller to operate within the environment, but the NTDS Settings object is removed upon the removal of Active Directory.

If the NTDS Settings object is not properly removed during the process of removing Active Directory, the administrator can use the Ntdsutil tool to manually remove the NTDS Settings object. The following sections outline the procedure for removing the NTDS Settings object from Active Directory for a specific domain controller using the Ntdsutil tool. For more information about the available options, the administrator can type help on each Ntdstutil menu.

Caution

Before manually removing the NTDS Settings object for any server, it is recommended that the administrator also check that replication has occurred because of the removal of Active Directory. Improper use of the Ntdsutil tool can result in partial or complete loss of Active Directory functionality.

For more information about the Ntdsutil tool, see Windows 2000 Support Tools on the Windows 2000 Server operating system CD.

Removing the Domain Controller Object

After you remove Active Directory from a domain controller, the object that represents the server in the Active Directory Sites and Services console remains.

This condition occurs because the server object is a container object that can hold child objects that represent configuration data for other services installed on your computer. For this reason, the wizard does not automatically remove the server object.

Warning

If the server object contains any child objects named NTDS Settings, these objects represent the server as a domain controller and must be removed automatically when Active Directory is removed. If these objects are not removed automatically, or if removal of Active Directory cannot be performed (for example, on a computer that has malfunctioning hardware), these objects must be removed by using the Ntdsutil tool before you can delete the server object.

To remove the domain controller object

1. In the Active Directory Sites and Services, double-click the Sites container to expand it, and then double-click the appropriate site object (the site in which the server resides) to expand the site object.
2. Double-click the Server container, right-click the server object, and then click Delete.
3. When you are prompted to confirm deleting the object, click Yes.

Note

This process might not complete successfully for either of the following reasons:

If you receive a message that states the server is a container that contains other objects, before you continue verify that the appropriate services have been stopped.

If you receive a message that states the NTDS Settings object cannot be deleted, you might be attempting to delete an active domain controller. However, this message would only occur if the NTDS Settings object is the computer which you are trying to delete, otherwise the delete operation will succeed.

An administrator can safely delete the server object in the Active Directory Sites and Services console after all services have been removed and no child objects exist.

For more information about the Ntdsutil tool, see Windows 2000 Support Tools on the Windows 2000 Server operating system CD.

Troubleshooting Active Directory Installation Wizard Errors

When the Active Directory Installation Wizard performs the domain controller promotion process, it automatically creates its own log file: the Dcpromoui.log file. Specifically, it verifies and checks the following:

• The platform including the computer role (stand-alone client, member workstation, stand-alone server, member server, primary controller, or backup controller).
• The version number of the operating system.
• The role change of the computer. If the role change cannot occur, it returns an error message to the user; otherwise, it returns "0".
• Checks for the presence of at least one logical drive formatted with NTFS version 5. If the drive cannot be found, it returns an error message to the user.
• Checks if the user is a member of the Administrators group.

All important API calls are logged with the parameters and the error code returned. For example:

dcpromoui t:0x260 00325                  Calling NetValidateName

dcpromoui t:0x260 00326                  lpServer   : (null)

dcpromoui t:0x260 00327                  lpName     : server.reskit.com

dcpromoui t:0x260 00328                  lpAccount  : (null)

dcpromoui t:0x260 00329                  lpPassword : (null)

dcpromoui t:0x260 00330                  NameType   : NetSetupNonExistentDomain

dcpromoui t:0x260 00331                  Error 0x0 (!0 => error)

The error codes are typically Win32 error codes. For more information about the cause of each error according to API, see the Microsoft Platform SDK link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources. Please note that not all error codes indicate a malfunction. In some cases, the error is the expected result, as in the following example:

dcpromoui t:0x260 00311                  Calling DsGetDcName

dcpromoui t:0x260 00312                  ComputerName : (null)

dcpromoui t:0x260 00313                  DomainName   : server.reskit.com

dcpromoui t:0x260 00314                  DomainGuid   : (null)

dcpromoui t:0x260 00315                  SiteGuid     : (null)

dcpromoui t:0x260 00316                  Flags        : 0x1

dcpromoui t:0x260 00317                  Error 0x54B (!0 => error)

dcpromoui t:0x260 00318                  Trying again w/ rediscovery

dcpromoui t:0x260 00319                  Error 0x54B (!0 => error)

This example shows that the error 0x54b is returned from two calls to DsGetDcName. 0x54b is ERROR_NO_SUCH_DOMAIN. This is a good result, because you are validating that the domain does not already exist in this context.

Most error conditions occur during the role change, because this is where high-dependency operations occur, such as DNS name resolution or Kerberos v5 authenticated network connections. The Active Directory Installation Wizard displays these errors. Errors returned from the API are divided as follows:

• The operation that was occurring at the time.
• The Win32 error text that occur during that specific operation.

For example:

The Directory Service failed to create the object CN=Test,CN=Partitions,CN=Configuration,DC=server1,DC=reskit,DC=com. Please check the event log for possible system errors.

The operation failed because:

The directory cannot validate the proposed directory partition name because it does not hold a replica of the directory partition above the proposed directory partition. "

In this example, the promotion operation was attempting to create a cross reference object in the directory partition for the new domain, but that operation failed because Active Directory cannot validate the specific domain name. The problem was that installation of the grandchild domain occurred before the child domain was replicated to the Global Catalog server. The corrective action is to force a replication to the Global Catalog server to allow the name validation to occur.

Usually, the problem is a network related issue. The first part of the error code, that is the operation that was happening at the time, helps you to isolate the problem. For example, you might see the message "can't open LDAP connection." The second part of the error code and the second text might help you understand why the error occurred, for example, "unable to authenticate."

For more information about cross reference objects, see "Name Resolution in Active Directory" in this book.

Examining the Dcpromo.log File

While Dcpromoui.log logs all the events from a graphical interface perspective , Dcpromo.log captures the creation and removal of Active Directory, SYSVOL trees and the installation, modification and removal of key services.

For more information about the Active Directory Installation and Removal process and why the following events are logged, see "Active Directory Data Storage" in this book.

Format of Dcpromo.log file

A typical line in Dcpromo.log is formatted as follows:

<time-stamp> <INFO field>: <description of operation>: <status code in hexadecimal>

For example:

08/11 14:08:29 Request for promotion returning 0

The description of the promotion operation is usually self explanatory. The status code is NET API_STATUS or Win32 error code. A 0x0 indicates success, any other code indicates an error.

Examining the Dcpromo.log file from an installation of a child domain

During the gathering information phase, Dcpromo.log captures events that identify the DNS domain name, NetBIOS domain name, site name, and the location of the system volume.

08/16 16:21:07 [INFO] Promotion request for domain controller of new domain

08/16 16:21:07 [INFO] DnsDomainName  user.reskit.com

08/16 16:21:07 [INFO] FlatDomainName  USER0

08/16 16:21:07 [INFO] SiteName  (NULL)

08/16 16:21:07 [INFO] SystemVolumeRootPath  C:\WINNT\SYSVOL

08/16 16:21:07 [INFO] DsDatabasePath  C:\WINNT\NTDS, DsLogPath  C:\WINNT\NTDS

08/16 16:21:07 [INFO] ParentDnsDomainName  reskit.com

08/16 16:21:07 [INFO] ParentServer  (NULL)

08/16 16:21:07 [INFO] Account reskit\administrator

08/16 16:21:07 [INFO] Options  2244

Verify the Ntds.dit file path and verify if SYSVOL is on a fixed drive and resides on an NTFS v5 volume.

08/16 16:21:07 [INFO] Validate supplied paths

08/16 16:21:07 [INFO] Validating path C:\WINNT\NTDS.

08/16 16:21:07 [INFO] Path is a directory

08/16 16:21:07 [INFO] Path is on a fixed disk drive.

08/16 16:21:07 [INFO] Validating path C:\WINNT\NTDS.

08/16 16:21:07 [INFO] Path is a directory

08/16 16:21:07 [INFO] Path is on a fixed disk drive.

08/16 16:21:07 [INFO] Validating path C:\WINNT\SYSVOL.

08/16 16:21:07 [INFO] Path is on a fixed disk drive.

08/16 16:21:07 [INFO] Path is on an NTFS volume

Ensure the name passed in is unique.

08/16 16:21:07 [INFO] Child domain creation -- check the new domain name is child of parent domain name.

08/16 16:21:07 [INFO] Domain Creation -- check that the flat name is unique.

Determine the site to place the domain controller and which domain controller to replicate from

08/16 16:21:22 [INFO] Start the worker task

08/16 16:21:23 [INFO] Request for promotion returning 0

08/16 16:21:23 [INFO] No source DC or no site name specified. Searching for dc in domain reskit.com: ( DS_REQUIRED | WRITABLE )

08/16 16:21:23 [INFO] Searching for a domain controller for the domain reskit.com

08/16 16:21:23 [INFO] Located domain controller reskit.com for domain (null)

08/16 16:21:23 [INFO] No user specified source DC

08/16 16:21:23 [INFO] No user specified site

08/16 16:21:23 [INFO] Using site Default-First-Site-Name for server reskit.com

Force a time synch so Kerberos v5 will authenticate successfully.

08/16 16:21:23 [INFO] Forcing a time synch with \\MARAK.reskit.com

08/16 16:21:17 [INFO] Reading domain policy from the domain controller \\MARAK.reskit.com

08/16 16:21:17 [INFO] Stopping service NETLOGON

08/16 16:21:17 [INFO] Stopping service NETLOGON

08/16 16:21:17 [INFO] Configuring service NETLOGON to 1 returned 0

Prepare the SYSVOL.

08/16 16:21:17 [INFO] Creating the System Volume C:\WINNT\SYSVOL

08/16 16:21:17 [INFO] Deleting current sysvol path C:\WINNT\SYSVOL

08/16 16:21:22 [INFO] Preparing for system volume replication using root C:\WINNT\SYSVOL

Ensure that the computer can be a member of the existing forest. If there is an existing forest, contact the Domain Name Master operations master role owner to verify that the domain does not already exist in the forest.

08/16 16:21:22 [INFO] Copying initial Directory Service database file C:\WINNT\system32\ntds.dit to C:\WINNT\NTDS\ntds.dit

08/16 16:21:28 [INFO] Installing the Directory Service

08/16 16:21:28 [INFO] Calling NtdsInstall for user.reskit.com

08/16 16:21:28 [INFO] Starting the Directory Service installation

08/16 16:21:28 [INFO] Validating user supplied options

08/16 16:21:28 [INFO] Determining local site to enter

08/16 16:21:28 [INFO] Examining existing Enterprise Directory Service

08/16 16:21:30 [INFO] Configuring the local server to host the Directory Service

Replicate the forest data

08/16 16:22:05 [INFO] Replicating the Directory Service schema container

08/16 16:22:09 [INFO] Replicating CN=Schema,CN=Configuration,DC=reskit,DC=com: received 100 out of 1002 objects.

08/16 16:22:11 [INFO] Replicating CN=Schema,CN=Configuration,DC=reskit,DC=com: received 199 out of 1002 objects.

08/16 16:22:13 [INFO] Replicating CN=Schema,CN=Configuration,DC=reskit,DC=com: received 298 out of 1002 objects.

CN=Schema,CN=Configuration,DC=reskit,DC=com: received 1002 out of 1002 objects.

08/16 16:22:31 [INFO] Replicating the Directory Service configuration container

08/16 16:22:33 [INFO] Replicating CN=Configuration,DC=reskit,DC=com: received 99 out of 1236 objects.

08/16 16:22:35 [INFO] Replicating CN=Configuration,DC=reskit,DC=com: received 145 out of 1236 objects.

0

08/16 16:22:53 [INFO] Replicating CN=Configuration,DC=reskit,DC=com: received 1186 out of 1236 objects.

Create the new domain.

08/16 16:22:54 [INFO] Creating Partition: DC=user,DC=reskit,DC=com; 12 objects remaining.

08/16 16:22:54 [INFO] Creating Partition: DC=user,DC=reskit,DC=com; 11 objects remaining.

08/16 16:22:54 [INFO] Creating Partition: DC=user,DC=reskit,DC=com; 10 objects remaining.

08/16 16:22:55 [INFO] Creating Partition: DC=user,DC=reskit,DC=com; 0 objects remaining.

Move the current users and groups from the registry to Active Directory.

08/16 16:22:57 [INFO] Creating new domain security principals

08/16 16:23:00 [INFO] The Directory Service install is completing

08/16 16:23:02 [INFO] NtdsInstall for user.reskit.com returned 0

08/16 16:23:02 [INFO] DsRolepInstallDs returned 0

Set the local LSA policy to host the domain.

08/16 16:23:02 [INFO] Setting AccountDomainInfo to:

08/16 16:23:02 [INFO] Domain: USER0

08/16 16:23:02 [INFO] Sid:  S-1-5-21-776561741-789336058-842925246

Configure the domain and domain controller services to autostart when the computer is restarted.

08/16 16:23:03 [INFO] Configuring service w32time08/16 16:23:04 [INFO] Configuring service w32time to 16 returned 0

08/16 16:23:04 [INFO] Configuring service NETLOGON08/16 16:23:05 [INFO] Configuring service NETLOGON to 16 returned 0

08/16 16:23:05 [INFO] DsRolepSetRegStringValue on SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\Auth2 to RASSFM returned 0

08/16 16:23:05 [INFO] Configuring service RPCLOCATOR08/16 16:23:06 [INFO] Configuring service RPCLOCATOR to 16 returned 0

08/16 16:23:06 [INFO] Configuring service IsmServ08/16 16:23:06 [INFO] Configuring service IsmServ to 16 returned 0

08/16 16:23:06 [INFO] Configuring service kdc08/16 16:23:07 [INFO] Configuring service kdc to 16 returned 0

08/16 16:23:07 [INFO] Configuring service TrkSvr08/16 16:23:08 [INFO] Configuring service TrkSvr to 16 returned 0

08/16 16:23:08 [INFO] Configuring service NETLOGON08/16 16:23:08 [INFO] Configuring service NETLOGON to 144 returned 0

Create a trust relationship to the parent domain.

08/16 16:23:08 [INFO] Setting the LSA policy information08/16 16:23:08 [INFO] Setting the LSA policy information from policy \\MARAK.reskit.com

08/16 16:23:08 [INFO] Creating a parent trust relationship on domain reskit.com08/16 16:23:08 [INFO] Creating trusted domain object on parent

08/16 16:23:08 [INFO] DnsDomain: user.reskit.com

08/16 16:23:08 [INFO] Flat name: USER0

08/16 16:23:08 [INFO] Direction: 3

08/16 16:23:08 [INFO] Type: 2

08/16 16:23:08 [INFO] Attributes: 0x0

08/16 16:23:09 [INFO] Creating a trust relationship with domain user.reskit.com08/16 16:23:09 [INFO] Creating trusted domain object on child

08/16 16:23:09 [INFO] DnsDomain: reskit.com

08/16 16:23:09 [INFO] Flat name: RESKIT

08/16 16:23:09 [INFO] Direction: 3

08/16 16:23:09 [INFO] Type: 2

08/16 16:23:09 [INFO] Attributes: 0x400000

08/16 16:23:14 [INFO] Setting the computer's Dns computer name root to user.reskit.com

Set the registry and file ACLs to become a domain controller.08/16 16:23:23 [INFO] Setting security on the domain controller and Directory Service files and registry keys

08/16 16:23:27 [INFO] Securing users\.default

08/16 16:23:27 [INFO] Securing users\.default\software\microsoft\netdde

08/16 16:23:27 [INFO] Securing users\.default\software\microsoft\protected storage system provider

08/16 16:23:27 [INFO] Securing machine\software

08/16 16:23:28 [INFO] Securing machine\software\classes

08/16 16:23:49 [INFO] Securing machine\software\microsoft\command processor

08/16 16:23:49 [INFO] Securing machine\software\microsoft\cryptography

08/16 16:23:49 [INFO] Securing machine\software\microsoft\driver signing

08/16 16:23:49 [INFO] Securing machine\software\microsoft\enterprisecertificates

08/16 16:23:49 [INFO] Securing machine\software\microsoft\netdde

08/16 16:23:49 [INFO] Securing machine\software\microsoft\non-driver signing

08/16 16:23:49 [INFO] Securing machine\software\microsoft\ntds

08/16 16:23:49 [INFO] Securing machine\software\microsoft\ole

08/16 16:23:49 [INFO] Securing machine\software\microsoft\protected storage system provider

08/16 16:23:49 [INFO] Securing machine\software\microsoft\rpc

08/16 16:23:49 [INFO] Securing machine\software\microsoft\systemcertificates

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\explorer

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\group policy

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\installer

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\policies

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\run

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\runonce

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\runonceex

08/16 16:23:50 [INFO] Securing machine\software\microsoft\windows\currentversion\uninstall

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\accessibility

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\aedebug

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\asrcommands

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\classes

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\drivers32

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\efs

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\font drivers

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\fontmapper

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\image file execution options

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\inifilemapping

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\perflib

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\perflib\009

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\profilelist

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\secedit

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\svchost

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\time zones

08/16 16:23:50 [INFO] Securing machine\software\microsoft\Windows NT\currentversion\windows

08/16 16:23:50 [INFO] Securing machine\software\policies

08/16 16:23:50 [INFO] Securing machine\system

0

08/16 16:24:31 [INFO] Securing c:\winnt\ntds

08/16 16:24:31 [INFO] Securing c:\winnt\profiles

08/16 16:24:31 [INFO] Securing c:\winnt\repair

08/16 16:24:31 [INFO] Securing c:\winnt\security

08/16 16:24:31 [INFO] Securing c:\winnt\system32

08/16 16:24:40 [INFO] Securing c:\winnt\system32\autoexec.nt

08/16 16:24:40 [INFO] Securing c:\winnt\system32\cmos.ram

08/16 16:24:40 [INFO] Securing c:\winnt\system32\config

08/16 16:24:41 [INFO] Securing c:\winnt\system32\config.nt

08/16 16:24:41 [INFO] Securing c:\winnt\system32\dhcp

08/16 16:24:41 [INFO] Securing c:\winnt\system32\dllcache

08/16 16:24:51 [INFO] Securing c:\winnt\system32\grouppolicy

08/16 16:24:51 [INFO] Securing c:\winnt\system32\hpmon.dll

08/16 16:24:51 [INFO] Securing c:\winnt\system32\hpmon.hlp

08/16 16:24:51 [INFO] Securing c:\winnt\system32\ias

08/16 16:24:51 [INFO] Securing c:\winnt\system32\midimap.cfg

08/16 16:24:51 [INFO] Securing c:\winnt\system32\ntmsdata

08/16 16:24:51 [INFO] Securing c:\winnt\system32\spool

08/16 16:24:51 [INFO] Securing c:\winnt\sysvol

08/16 16:24:51 [INFO] Securing c:\winnt\sysvol\domain\policies

08/16 16:24:52 [INFO] Securing c:\winnt\tasks

08/16 16:24:52 [INFO] Securing c:\winnt\temp

08/16 16:24:52 [INFO] Securing LanManServer

08/16 16:24:57 [INFO] SetProductType to 2 [LanmanNT] returned 0

08/16 16:24:57 [INFO] The attempted domain controller operation has completed

Returns a success or failure when finished running the Active Directory Installation Wizard.

08/16 16:24:58 [INFO] DsRolepSetOperationDone returned 0

For more information about the Active Directory installation and removal process, see "Active Directory Data Storage" in this book. For more information about cross-reference objects, see "Name Resolution in Active Directory" in this book.

© 1985-2000 Microsoft Corporation. All rights reserved.