Question : "Access is denied" when attempting to promote server to become second Domain Controller
Hi,
I'm getting an error message while running dcpromo to promote a server to become a second Domain Controller.
The error message is :
=====================================
(Error window's caption: New Credentials)
The operation failed because :
The Active Directory Installation Wizard was unable to convert the computer account GEMINI$ to a domain controller account.
"Access is denied".
=====================================
I'm then asked to type a username & password of an account with sufficient privileges to create an additional domain controller, and to click 'Retry' or to optionally 'Cancel' the promotion process. I've retried several times, and can confirm that I'm getting the name & password correct.
I haven't pressed 'Cancel' yet, as I've heard that cancelling dcpromo can leave the computer with a faulty configuration.
The account I'm trying to use is the built-in administrator account "administrator" on the domain, which is a member of the Administrators, Domain Admins, Enterprise Admins and Schema Admins groups.
The network has a single Windows domain. The current DC is running on Windows 2000 Server SP4. adprep /forestprep and adprep /domainprep were run on the current DC before the dcpromo.
The server to be promoted to become an additional DC is Windows 2003 Server EE R2. This server is called "GEMINI".
Any help would be appreciated.
Many thanks, amral22
Answer : "Access is denied" when attempting to promote server to become second Domain Controller
Try the following:
1. Go to Active Directory Users and Computers, right-click the Domain Controllers Organizational Unit, and go to Properties. Click the Group Policy tab and edit the Default Domain Controllers Policy.
2. Double-click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
3. Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
Force the policy replication using secedit /refreshpolicy machine_policy /enforce
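A way to check the setting from step 3 without the GUI, added here as an example that is not part of the original answer: the user right is stored as `SeEnableDelegationPrivilege` in the `[Privilege Rights]` section of the policy's security template (`GptTmpl.inf` under SYSVOL). The sample template, the function names and the choice of the BUILTIN\Administrators SID as the principal to look for are assumptions made for illustration.

```python
# Added example: audit who holds "Enable computer and user accounts to be
# trusted for delegation" in a copy of a GPO security template (GptTmpl.inf).
RIGHT = "SeEnableDelegationPrivilege"   # constant behind the step 3 user right
ADMINISTRATORS_SID = "S-1-5-32-544"     # well-known SID of BUILTIN\Administrators

# Constructed sample template (not taken from the thread): the right is
# defined but granted to nobody.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-11
SeEnableDelegationPrivilege =
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
"""

def privilege_rights(inf_text):
    """Parse the [Privilege Rights] section into {right_lowercase: [principals]}."""
    rights, in_section = {}, False
    for raw in inf_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*'; account names are not.
            rights[name.strip().lower()] = [
                p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def check_delegation_right(inf_text, principal):
    """Return 'not defined', 'missing' or 'granted' for the given principal."""
    holders = privilege_rights(inf_text).get(RIGHT.lower())
    if holders is None:
        return "not defined"
    return "granted" if principal.lower() in (h.lower() for h in holders) else "missing"

def load_inf(path):
    # Assumption: the template is UTF-16 with a BOM, as Unicode=yes files usually are.
    with open(path, encoding="utf-16") as fh:
        return fh.read()

if __name__ == "__main__":
    print(RIGHT, "for Administrators:", check_delegation_right(SAMPLE_INF, ADMINISTRATORS_SID))
```

To check a real policy, pass the output of `load_inf()` on a copy of the template to `check_delegation_right()`; a result of "missing" or "not defined" means the account or group from step 3 is not granted the right by that policy.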