GPO backup failed with the error: Remote directory creation failed

GPO backup failed with the error: Remote directory creation failed

Issue description   

This error occurs when attempting to back up GPOs in ADManager Plus. The backup fails with the message:

Remote directory creation failed. 

As a result, GPO backup operations cannot proceed.

Possible causes   

  1. Insufficient permissions: The ADManager Plus service account lacks privileges to access the domain controller.

  2. Network or connectivity issues: The ADManager Plus server does not have network access to the domain controller.

  3. Temporary service issuesThe issue might be caused by an internal service or communication error.

Prerequisites   

  • Confirm stable network connectivity between the ADManager Plus server and the domain controller.

Resolution   

Step 1: Confirm service account permissions

  1. Open Active Directory Users and Computers (ADUC).

  2. Locate the ADManager Plus service account.

  3. Go to Properties > Member Of, and check if it's part of the Administrators group.

  4. If not, click Add, enter Administrators, and click OK.

Step 2: Alternative permissions configuration (if full admin rights aren't preferred)

  1. Add to Backup Operators group

    1. Add the service account to the Backup Operators group in Active Directory.

    2. This allows the account to back up and restore files without full administrative access.

  2. Modify ADMIN$ share permissions

    1. On the domain controller, open Computer Management (compmgmt.msc).

    2. Go to Shared Folders > Shares, right-click ADMIN$, and select Properties.

    3. Under Permissions, add the service account with Read & Execute and Write permissions.

  3. Delegate GPO backup permissions (if required)

    1. Open Group Policy Management Console (gpmc.msc).

    2. Right-click Group Policy Objects > Delegate Control.

    3. Add the service account and grant Edit Settings, Delete, and Modify Security permissions.

Step 3: Verify access to ADMIN$ share  

  1. Log in to the ADManager Plus server using the service account.

  2. Open File Explorer and enter: \\<domain-controller-name>\ADMIN$

  3. If access is denied, ensure:

    • The ADMIN$ share is enabled on the domain controller.

    • File sharing and administrative shares are not restricted by policy or firewall.

Step 4: Confirm effective permissions

  1. On the domain controller, go to ADMIN$ > Properties > Security > Advanced > Effective Access.

  2. Select the service account and verify it has the required permissions.

Tips 

  • Use a dedicated service account with consistent privileges for all ADManager Plus operations.

  • Audit access regularly to avoid permission-related failures over time.

  • Monitor logs for any errors related to service account or network issues.

  • Maintain network stability to ensure uninterrupted communication with domain controllers.

How to reach support       

If the issue persists, contact our support team here

                  New to ADSelfService Plus?