If you get the following error when running DCPROMO.EXE please continue reading.
The operation failed because:
This Active Directory Domain Services installation requires domain configuration changes, but whether these changes have been made on the Active Directory Domain Controller [SERVER] is undetermined. The installation process has quit. Extended error Extended error: DSID – 0x180f0633 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
‘CN=[SERVER],CN=Servers,CN=[SITE],CN=Sites,CN=Configuration,DC=[...]‘ 32 .
“The system cannot find the file specified.”
This error can occur if you have not granted necessary permissions to read data in the directory. For more information, please see article 936241 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=88420).
Now, being as helpful as they usually are Microsoft has gone and deleted the KB article referenced in the error message. Fantastic. Beautiful, boys. But as far as I can tell this error usually occurs after a domain controller (DC) is ungracefully demoted (see: Microsoft KB216498).
The fix for me has consistently been transferring all FSMO roles to a remaining DC. Of course one would think carefully following the NTDS metadata cleanup procedure (referenced above) should have already taken care of this, but I’ve noticed this condition several times now, prompting me to wonder if the procedure should be updated to at least hint at this condition.
Keep in mind that the FSMO role transfer will likely be a forceful seizure if the downed DC was the operations master for the FSMO role causing this error. This shouldn’t be an issue for most cases, but it’s worth noting.