Select the product you need help with
"Access is denied" error message when you create a child domain remotely by using Install-AddsDomainArticle ID: 2738060 - View products that this article applies to. SymptomsWhen you use the Install-AddsDomain Windows Server 2012 AddsDeployment Windows PowerShell module cmdlet together with the Invoke-Command cmdlet to remotely create a new child domain, you receive the following error message: Invoke-command -computer DC2-FULL -credential (get-credential) -scriptblock {Install-addsdomain -newdomainname child -parentdomain contoso.com -domaintype child -credential (get-credential) -dnsdelegationcredential (get-credential)} PSComputerName : DC2-full RunspaceId : ca62ff66-cc34-4ec8-8504-863c950c473a Message : The operation failed because: Failed to create a trust with domain child.contoso.com on the parent domain controller dc1-full.contoso.com "Access is denied." This server has been disjoined from domain "CONTOSO". Context : DCPromo.General.54 RebootRequired : False Status : Error Additionally, the server is removed from the parent domain, and no child domain is created. CauseThis issue occurs because credentials that were given to-dnsdelegationcredential contained a bad password. ResolutionTo resolve this issue, follow these steps:
More informationUnlike the password for the other two credentials that are provided in this scenario, the password for the DNS delegation credential is not tested until it is actually used. However, at that point in the domain deployment, many other changes have been made, and the bad credentials cause a fatal error when they are used later. This issue occurs only when you provide a bad password through remote Windows PowerShell invocation. If the DNS delegation is run locally, the delegation will still fail but will provide a warning that delegation was not configured and will let promotion otherwise succeed. PropertiesArticle ID: 2738060 - Last Review: October 2, 2012 - Revision: 7.0
|
Back to the top
