“You do not have sufficient privileges to create a container in Active Directory at location CN=f2e868b0-f4f5-4648-8dda-5a031d478753,CN=ADFS,CN=Microsoft,CN=Program Data,DC=rblab,DC=com for use with sharing certificates. Verify that you are logged on as a Domain Admin or have sufficient privileges to create this container, and try again.”
Chances are that if you receive this error, either you are not signed in with the correct account and/or permissions were not granted properly to the account, or the Program Data container has been deleted within your Active Directory environment. If you are certain your account is in good standing, check whether the Program Data container is there. Program Data is a default empty container within Active Directory that stores application-specific data in the domain directory partition. This container can only be viewed by turning on Advanced Features within ADUC or through ADSI Edit.
The resolution is to simply re-create the container structure.
Within ADSI Edit, perform the following tasks to create the missing container structure:
- Open ADSI Edit
- Select Domain directory
- Right click and select New > Object
- Select Container
- Type the Value – Program Data. Click Finish
- Click on the new container, Program Data, right click and select New > Object
- Type the Value – Microsoft. Click Finish
** Default permissions are automatically granted during the creation of the containers.
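The same check and repair can be scripted. The following is an added example, not part of the original article: it assumes the ActiveDirectory (RSAT) PowerShell module and an account allowed to create containers under the domain root, and the function names `Test-AdContainer` and `Repair-ProgramDataContainer` are hypothetical.

```powershell
# Added example: verify and, if missing, re-create
# CN=Microsoft,CN=Program Data under the domain root.
# Assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

function Test-AdContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    try {
        Get-ADObject -Identity $DistinguishedName -ErrorAction Stop | Out-Null
        return $true
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Only "object not found" means missing; access-denied and
        # connectivity errors are left to surface to the caller.
        return $false
    }
}

function Repair-ProgramDataContainer {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $domainDN = (Get-ADDomain).DistinguishedName

    # Parent first, then child: the same order as the ADSI Edit steps.
    $containers = @(
        @{ Name = 'Program Data'; Path = $domainDN },
        @{ Name = 'Microsoft';    Path = "CN=Program Data,$domainDN" }
    )

    foreach ($c in $containers) {
        $dn = "CN=$($c.Name),$($c.Path)"
        if (Test-AdContainer -DistinguishedName $dn) {
            Write-Host "Present: $dn"
            continue
        }
        if ($PSCmdlet.ShouldProcess($dn, 'Create container')) {
            New-ADObject -Type container -Name $c.Name -Path $c.Path
            Write-Host "Created: $dn"
        }
    }
}

# Dry run: reports what would be created without changing the directory.
Repair-ProgramDataContainer -WhatIf
```

Remove `-WhatIf` to create the missing containers once the dry-run output matches what you expect.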
You can now continue with the configuration of AD FS.