How to configure AD DS on EC2 Windows Server 2019 datacenter with AWS Simple AD


While configuring AD DS on an EC2 Windows Server 2019 instance and adding it to an existing domain (AWS Simple Active Directory) with Server Manager, I got this error:

ADPrep execution failed --> System.ComponentModel.Win32Exception (0x80004005): 
A device attached to the system is not functioning.
Check the log files in the C:\Windows\debug\adprep\logs\20201103080523 directory for detailed information.

Information from the logs mentioned in the error message. File ldif.err.48:

25: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=ad,DC=tws,DC=companyname,DC=com
Entry DN: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=ad,DC=tws,DC=companyname,DC=com
Add error on entry starting on line 406: Invalid Syntax
The server side error is: 0x200b The attribute syntax specified to the directory service is invalid.
The extended server error is:
0000200B: objectclass_attrs: attribute 'rDNAttID' on entry 'CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=ad,DC=tws,DC=companyname,DC=com' contains at least one invalid value!
24 entries modified successfully.
An error has occurred in the program

ADPrep file:

[2020/11/03:08:05:23.873]
The command line passed to ldifde is ldifde -i -f "C:\Windows\system32\adprep\sch48.ldf" -s "aws-123456be42.ad.tws.companyname.com" -h -j "C:\Windows\debug\adprep\logs\20201103080523" -$ "C:\Windows\system32\adprep\schupgrade.cat"
[2020/11/03:08:05:46.021]
ERROR: Import from file C:\Windows\system32\adprep\sch48.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20201103080523\ldif.err.48. 
If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configuration containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise Admins is sufficient to run forestprep.
[2020/11/03:08:05:46.091]
Adprep was unable to upgrade the schema on the schema master.
[Status/Consequence]
The schema will not be restored to its original state. 
[User Action]
Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20201103080523 directory for detailed information.
[2020/11/03:08:05:46.091]
Adprep was unable to update forest information. 
[Status/Consequence]
Adprep requires access to existing forest-wide information from the schema master in order to complete this operation.
[User Action]
Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20201103080523 directory for more information. 

I'm trying to set up AD FS as a SAML identity provider with an Amazon Cognito user pool, following this guide.
In order to do so, there is a need to set up and configure AD DS, AD FS and IIS on an EC2 Windows instance, as described in this guide.
Following these guides, I'm trying to configure AD DS on an EC2 Windows Server 2019 instance. This EC2 instance is joined to an AWS Simple Active Directory domain. To configure AD DS, I follow the instructions under "To install AD DS by using Server Manager", beginning with step 9 in this guide: Install Active Directory Domain Services.

amazon-web-services
active-directory
adfs
windows-server-2019
aws-directory-services
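Added example, not from the question or from any answer: a small parser for the ldif.err.NN files that adprep leaves under C:\Windows\debug\adprep\logs\<timestamp>, so a run can be triaged by pulling out the failing schema entry, the line in the .ldf file, the directory-service error code and the attribute named in the extended error rather than reading each file by hand. The sample input is constructed from the ldif.err.48 excerpt quoted above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on the ldif.err.48 excerpt in the question.
SAMPLE_LDIF_ERR = """\
25: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=ad,DC=tws,DC=companyname,DC=com
Entry DN: CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=ad,DC=tws,DC=companyname,DC=com
Add error on entry starting on line 406: Invalid Syntax
The server side error is: 0x200b The attribute syntax specified to the directory service is invalid.
The extended server error is:
0000200B: objectclass_attrs: attribute 'rDNAttID' on entry 'CN=ms-DS-Claim-Types,CN=Schema,CN=Configuration,DC=ad,DC=tws,DC=companyname,DC=com' contains at least one invalid value!
24 entries modified successfully.
An error has occurred in the program
"""

# Error code the log quotes for this failure: ERROR_DS_ATTRIBUTE_SYNTAX_UNDEFINED.
INVALID_ATTRIBUTE_SYNTAX = 0x200B

@dataclass
class LdifFailure:
    entry_dn: str        # schema object ldifde could not import
    ldf_line: int        # line in the .ldf file where that entry starts
    operation: str       # Add / Modify as reported by ldifde
    reason: str          # ldifde's short reason, e.g. "Invalid Syntax"
    server_error: int    # numeric directory-service error (0x200b here)
    server_message: str
    extended_error: str  # first line of the extended server error, if present

def parse_ldif_err(text: str) -> Optional[LdifFailure]:
    """Extract the failing entry from one ldif.err file; None if no failure block is found."""
    dn = re.search(r"^Entry DN: (.+)$", text, re.M)
    op = re.search(r"^(\w+) error on entry starting on line (\d+): (.+)$", text, re.M)
    srv = re.search(r"^The server side error is: 0x([0-9a-fA-F]+) (.+)$", text, re.M)
    ext = re.search(r"^The extended server error is:\n(.+)$", text, re.M)
    if not (dn and op and srv):
        return None
    return LdifFailure(dn.group(1).strip(), int(op.group(2)), op.group(1),
                       op.group(3).strip(), int(srv.group(1), 16),
                       srv.group(2).strip(), ext.group(1).strip() if ext else "")

def entries_modified(text: str) -> int:
    """How many entries ldifde imported before it stopped (the '24 entries modified' line)."""
    m = re.search(r"^(\d+) entries modified successfully\.", text, re.M)
    return int(m.group(1)) if m else 0

def failing_attribute(failure: LdifFailure) -> Optional[str]:
    """Attribute named in the extended error ('rDNAttID' in the sample), if any."""
    m = re.search(r"attribute '([^']+)'", failure.extended_error)
    return m.group(1) if m else None
```

Run it over every ldif.err.* file in the timestamped log directory to see which schema entry stopped each step; a non-zero `entries_modified` with a 0x200b failure shows the import got through earlier entries and rejected a specific attribute value rather than failing on rights.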
