AD FS 2.0 Configuration Wizard Fails – or where is my Program Data ?


Hi Again,

I’ve encountered a funny situation the other day with a new Office 365 hybrid deployment with an initial install of ADFS 2.0 for Federation with Office 365 and SSO.

The first attempt of running the “AD FS 2.0 Federation Server Configuration Wizard” ended with a failure:

You do not have sufficient privileges to create a container in Active Directory at location CN=46bd8c28-c299-475b-9853-8176010f4273,CN=ADFS,CN=Microsoft,CN=Program Data,DC=Domain,DC=com for use with sharing certificates. Verify that you are logged on as a Domain Admin or have sufficient privileges to create this container, and try again.

Create Active Directory container for sharing certificates - Error

Well, I’ve double checked my logged on user credentials, the built-in Administrator – we have all the required permissions. I’ve opened ADSIedit and looked for the Program Data container under the domain partition, just to make sure no permissions issues are indeed preventing this wizard to complete.

Guess what – no Program Data container !!?

I had the feeling that the container was moved rather then deleted or removed completely.. so I decided made a little search, a custom search for containers with a description starting with the string “default”

Search Program Data Container

Program Data Container Found

Found it (!) and moved it to the root of the Domain tree, then I’ve started the the ADFS configuration wizard again.

Adfs Configuration Successful

Case closed 🙂  happy ADFS and a working federation with Office 365

Advertisements

About ilantz

I am a technology enthusiastic, I've been working as an IT consultant since late 2007, I attained extensive experience with Microsoft's Exchange Server, Active Directory, Forefront products and the Windows server platform. I love designing solutions, handling security measures, architecture and advanced troubleshooting.
This entry was posted in ADFS, Office 365. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s