Install Active Directory onto a Sharepoint VM AFTER having setup Sharepoint

**Note: this post it limited in scope to the Single Sharepoint VM environment, anything more complicated is frankly beyond my feeble server administration skills.

If you try to install AD and DNS onto a Sharepoint VM after having already installed Sharepoint you run into a range of problems. The first time I tried to fix the problem I fried my environment and had to revert to a snapshot.

First, install AD and DNS as you normally would. Here’s a link to the guide I used.

At this point if you try to hit your Central Administration site or any other Sharepoint site, you’ll get a Service Unavailable message on any page you hit.

I tried the following to bring up something, anything Sharepoint:

  • Hitting my server via the computer name (http://phoenix:5555)
  • Hitting my server via the IP address (
  • Hitting my server via localhost (http://localhost:5555)
  • Hitting my server via the fully qualified domain name (http://phoenix.kmtests.local:5555/)

None of these works, and if I wasn’t getting the Service Unavailable message, I was getting one that said:

Under Construction

The site you are trying to view does not currently have a default page. It may be in the process of being upgraded and configured.

Looking at the server logs, you see two errors:

Application Log Screenshot

Application Log Screenshot

System Log screenshot

System Log screenshot

Aha! Adding a domain to the mix changes all the user accounts so that your old accounts need to be reconfigured. This is easily done by going into IIS Manager and updating the Identities of all of the app pools to reflect the new, domain enabled accounts.

i.e. servername\MossServiceAcct becomes domainName\MossServiceAcct



Having reconfigured the app pools, trying to hit the server again give you a message that says

The current identity (domainName\MossServiceAcct) does not have write access to ‘c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files’.

You can resolve this easily by navigating to that location and by granting write access to the folder in question (you will need to do this for each unique service account which hits the Temporary ASP.NET Files folder).

Central Admin will loads, but hold on cowboy/girl, you won’t be able to get to any of the pages on the Operations or Application Management tabs.

Some or all identity references could not be translated.   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)

Will it never end?

Ultimately I followed the process outlined on two specific web pages (retyping them would be silly)

Following Joel’s tips I got 100% of the way, but the other page a good reference anyways. I found that there were so many passwords to re-enter that I missed a couple (specifically the stsadm -o editssp command) but got there in the end.

Good luck, it’s a painful process, but a possible one. Just be careful and meticulous and you should be okay.

Leave a Reply

Your email address will not be published. Required fields are marked *