Regardless of how long you wait, the installation never proceeds beyond this point. Additionally, when you examine the Directory Services event logs, you see the following repeated events:
- The server's built-in Administrator account has the same password as the built-in domain Administrator account.
- The NetBIOS domain prefix or UPN were not provided as credentials for installation. Instead, only the user name "Administrator" was provided.
- Restart the server on which Active Directory could not be installed.
- Use Dsa.msc or Dsac.exe on an existing domain controller to delete the failed server's computer account. (The domain controller will not yet be a domain controller object but only a member server.) Then, let Active Directory replication converge.
- On the failed server, forcibly remove the server from the domain by using the System Properties Control Panel item or netdom.exe.
- On the failed server, remove the Active Directory Domain Services (AD DS) role by using Server Manager or Uninstall-WindowsFeature.
- Restart the failed server.
- Install the AD DS role, and then try the promotion again. When you do this, make sure that you provide promotion credentials in the form "domain\user" or "firstname.lastname@example.org."
If you set different passwords on the two Administrator accounts but do not provide the domain, you receive a bad password error.
We do not recommend that you use the built-in Administrator for domain administration. Instead, we recommend that you create a new domain user for each administrator in the environment. Then, the actions of administrators can be audited individually.
We strongly discourage you from using matching Administrator passwords on member servers and the domain Administrator account. Local passwords are more easily compromised than AD DS accounts, and knowledge of the matching Administrator passwords grants full enterprise administrative access.
Artikelnummer: 2737935 – Letzte Überarbeitung: 10.09.2012 – Revision: 1