Question : "Access is denied" when attempting to promote server to become second Domain Controller

Hi,

I'm getting an error message while running dcpromo to promote a server to become a second Domain Controller.

The error message is :

=====================================
(Error window's caption: New Credentials)
The operation failed because : The Active Directory Installation Wizard was unable to convert the computer account GEMINI$ to a domain controller account. "Access is denied".
=====================================

I'm then asked to type a username & password of an account with sufficient privileges to create an additional domain controller, and to click 'Retry' or to optionally 'Cancel' the promotion process.
I've retried several times, and can confirm that I'm getting the name & password correct.

I haven't pressed 'Cancel' yet, as I've heard that cancelling dcpromo can leave the computer with a faulty configuration.

The acccount I'm trying to use is the built-in administrator account "administrator" on the domain, which is a member of the Administrators, Domain Admins, Enterprise Admins and Schema Admins groups.

The network has a single Windows domain.
The current DC is running on Windows 2000 Server SP4.
adprep /forestprep and adprep /domainprep were run on the current DC before the dcpromo.

The server to be promoted to become an additional DC is Windows 2003 Server EE R2.
This server is called "GEMINI"

Any help would be appreciated.

Many thanks,
amral22

Answer : "Access is denied" when attempting to promote server to become second Domain Controller

Try the following

1. Go to Active Directory Users and Computers, right click Domain Controllers Organizational Unit go to properties.
click group policy tab edit the Default Domain Controllers Policy.
2. Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
3. Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
Force the policy replication using
secedit /refreshpolicy machine_policy /enforce

Random Solutions

Access VBA Help for Form Movement

Microsoft Office Access can't open the file...

I am unable to open another users mailbox in Outlook 07

Debug Assertion Failed...Help

How do I suppress default click behaviour on hyperlink field on form?

Remote Desktop Keeps Launching Explorer

How many user can work in a Visual Foxpro 9.0 application at the same time

Save file from Attachment type data field

problem with db_mail

Error Message "Windows cannot log you on because your profile cannot be loaded