Re: PLEASE HELP ME, THIS IS 3RD POST ALREADY


From: Aimme Lirette MSFT (alirette_at_online.microsoft.com)
Date: 04/27/04


Date: Tue, 27 Apr 2004 14:59:24 -0500

Ok, do you have a default domain controller policy?
And what account are you using? Is it an enterprise admin?

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"farakh" <farakh@davis-furniture.com> wrote in message
news:4ee201c42c83$4ca1b320$a601280a@phx.gbl...
> I have done all of the below and it is still giving me the same error.
> >-----Original Message-----
> >From reading the information below here are a few things that you should
> >check:
> >
> >1.  Make sure that this server is pointing to the existing domain
> >controller for Primary DNS (at least until after the promotion).
> >
> >2.  Below you said that your account is a domain admin- but is it an
> >Enterprise admin?  When running DCPROMO changes are made to the computer
> >account and to site information- which only Enterprise admins, or the
> >administrator of the first domain in the forest have permissions to.
> >
> >3.  Check the default domain controller policy and make sure
> >Administrators have the right to Enable computer and user accounts to be
> >trusted for delegation. -- below I see that you don't have a "default
> >domain controller policy".  By default there should be one in the domain.
> >If you open active directory users and computers then right click on the
> >Domain Controllers OU and choose the policies tab- you should have a
> >"default domain controllers policy" listed.  If you don't that could be a
> >problem.
> >
> >If the group policy object is missing you may need to restore it from a
> >backup.
> >
> >-- 
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >"FARAKH" <anonymous@discussions.microsoft.com> wrote in message
> >news:460501c42bc6$a3e661c0$a601280a@phx.gbl...
> >> >-----Original Message-----
> >> >I have read both of the below articles. I have tried, but
> >> >I don't have a domain controller policy on my network.
> >> >Should I have one?  I don't know what to do.  Can someone
> >> >please instruct me on how to fix this problem.
> >> >>-----Original Message-----
> >> >>Farakh,
> >> >>
> >> >>I assume that you found the MSKB article on this.  Did you follow it?
> >> >>Did that resolve your issue?
> >> >>
> >> >>Did you look at the following two MSKB Articles:
> >> >>
> >> >>http://support.microsoft.com/?id=232070
> >> >>http://support.microsoft.com/?id=250874
> >> >>
> >> >>They usually resolve this issue.
> >> >>
> >> >>HTH,
> >> >>
> >> >>Cary
> >> >>
> >> >>"farakh" <farakh@davis-furniture.com> wrote in message
> >> >>news:34f201c42947$16ad27c0$a401280a@phx.gbl...
> >> >>> I removed the server.  Renamed it.  Tried dcpromo, and still
> >> >>> doesn't work.
> >> >>> When I run dcpromo I get the error "failed to modify the necessary
> >> >>> properties for the machine account, access is denied"
> >> >>> The initial part of the promotion was successful, this is verified
> >> >>> because the computer becomes a member server in the domain, but the
> >> >>> promotion to domain controller did not succeed because dcpromo
> >> >>> could not modify the machine account.
> >> >>> I did some research and found that this problem can occur if the
> >> >>> account that is used to promote has not been assigned the
> >> >>> "delegation privilege".
> >> >>> I am promoting using the administrator account.  I don't know what
> >> >>> else to do.  I don't have a "default domain controllers policy".
> >> >>> So I can't modify that.  Is something wrong with active directory?
> >> >>> >-----Original Message-----
> >> >>> >From the original error message you gave it is having a problem
> >> >>> >modifying the Computer account within Active Directory. This
> >> >>> >tells me that you still have the name as well as the GUID for
> >> >>> >that server listed in Active Directory. Until you active
> >> >>> >directory with respects to that member server you will not be
> >> >>> >able to promote it. Active Directory thinks it is doing something
> >> >>> >else.
> >> >>> >
> >> >>> >Rich
> >> >>> >>-----Original Message-----
> >> >>> >>Did all of the above.  Why is access denied?
> >> >>> >>>-----Original Message-----
> >> >>> >>>Try putting the DNS Primary to the current Domain Controllers
> >> >>> >>>DNS IP. Ping that server to ensure that you are getting a FQDN
> >> >>> >>>(example: server1.domain.msft)
> >> >>> >>>The only other thing I can recommend is to do a Metadata
> >> >>> >>>cleanup and ensure that the name you have on that server isn't
> >> >>> >>>listed anywhere in Active Directory. If it is then remove it.
> >> >>> >>>You could also change the name of the server then try to
> >> >>> >>>promote it.
> >> >>> >>>
> >> >>> >>>Rich
> >> >>> >>>>-----Original Message-----
> >> >>> >>>>I have done that also.  Removed it from computers in Active
> >> >>> >>>>directory and then tried to promote to a dc.  Still didn't
> >> >>> >>>>work.
> >> >>> >>>>>-----Original Message-----
> >> >>> >>>>>Earlier you said that you had removed the server from the
> >> >>> >>>>>domain. Meaning that it was no longer a member server?
> >> >>> >>>>>If this is the case then you shouldn't see the computer
> >> >>> >>>>>listed in active directory computers.  You will need to
> >> >>> >>>>>delete that account before you can use the same computer
> >> >>> >>>>>name for a domain controller.
> >> >>> >>>>>
> >> >>> >>>>>Rich
> >> >>> >>>>>>-----Original Message-----
> >> >>> >>>>>>I had to seize the fsmo roles and transfer to different
> >> >>> >>>>>>server.  dcdiag and netdiag all pass. The server is listed
> >> >>> >>>>>>under computers in active directory but it is not listed
> >> >>> >>>>>>under domain controllers.  I would like it to be a domain
> >> >>> >>>>>>controller.
> >> >>> >>>>>>I start dcpromo.exe enter the domain info, set the
> >> >>> >>>>>>settings, put in pw, click next it contacts the pdc then
> >> >>> >>>>>>it gives me the error "failed to modify the necessary
> >> >>> >>>>>>properties for the machine account. access is denied"  Why
> >> >>> >>>>>>is access denied?  I am the administrator.  I am in the
> >> >>> >>>>>>administrators group.  I am using my credentials to log in.
> >> >>> >>>>>>
> >> >>> >>>>>>Please help
> >> >>> >>>>>>>-----Original Message-----
> >> >>> >>>>>>>Do you get any errors when you do a Netdiag on the server
> >> >>> >>>>>>>and a DCdiag on the domain controllers?
> >> >>> >>>>>>>When the PDC failed did you do a FSMO move to one of the
> >> >>> >>>>>>>other DCs? Did you do a metadata clean up on that server
> >> >>> >>>>>>>after the PDC failure?  Also ensure that the server you
> >> >>> >>>>>>>are promoting isn't already listed in Active Directory.
> >> >>> >>>>>>>
> >> >>> >>>>>>>Rich
> >> >>> >>>>>>>
> >> >>> >>>>>>>>-----Original Message-----
> >> >>> >>>>>>>>Yes it is a member server right now.  I have already
> >> >>> >>>>>>>>removed the server from the domain and tried to promote
> >> >>> >>>>>>>>it as a dc, but to no avail.  This server is a secondary
> >> >>> >>>>>>>>dns server.  I have the server pointing to itself as
> >> >>> >>>>>>>>primary dns and to the primary dns server as the
> >> >>> >>>>>>>>secondary dns.
> >> >>> >>>>>>>>>-----Original Message-----
> >> >>> >>>>>>>>>Is this server a member server right now?  I have had
> >> >>> >>>>>>>>>problems promoting a member Server to a DC. I have
> >> >>> >>>>>>>>>always removed the server from the domain and then
> >> >>> >>>>>>>>>promoted it into the domain as a DC.
> >> >>> >>>>>>>>>
> >> >>> >>>>>>>>>The other thing to ensure is that you are pointing the
> >> >>> >>>>>>>>>DNS settings to the internal DNS server of the domain.
> >> >>> >>>>>>>>>
> >> >>> >>>>>>>>>HTH
> >> >>> >>>>>>>>>Rich
> >> >>> >>>>>>>>>
> >> >>> >>>>>>>>>>-----Original Message-----
> >> >>> >>>>>>>>>>I am trying to add a domain controller to our domain.
> >> >>> >>>>>>>>>>Already have two domain controllers running.  When I
> >> >>> >>>>>>>>>>go through dcpromo, I get an error "the operation
> >> >>> >>>>>>>>>>failed because:  failed to modify the necessary
> >> >>> >>>>>>>>>>properties for the machine account $servername, access
> >> >>> >>>>>>>>>>is denied".
> >> >>> >>>>>>>>>>I have checked dns settings and I am logging in as the
> >> >>> >>>>>>>>>>administrator of the domain.
> >> >>> >>>>>>>>>>Please help.
> >> >>> >>>>>>>>>>P.s  A couple of months ago our PDC crashed and I had
> >> >>> >>>>>>>>>>to seize the roles and assign them to another domain
> >> >>> >>>>>>>>>>controller.  When I run dcdiag and netdiag, everything
> >> >>> >>>>>>>>>>looks good.  Please help.
> >
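
An added example, not part of the thread and not Microsoft's code: one way to check the two things the replies ask about, namely whether the Default Domain Controllers Policy still exists in SYSVOL and whether its security template grants Administrators the "Enable computer and user accounts to be trusted for delegation" right (SeEnableDelegationPrivilege). The GPO GUID and the BUILTIN\Administrators SID are the well-known values; the function names and the sample templates are constructed for illustration.

```python
import os

# Well-known values (not from the thread): Default Domain Controllers Policy
# GUID and the BUILTIN\Administrators SID.
DDCP_GUID = "{6AC1786C-016F-11D2-945F-00C04fB984F9}"
ADMINS_SID = "S-1-5-32-544"
PRIVILEGE = "SeEnableDelegationPrivilege"
TEMPLATE_RELPATH = os.path.join(DDCP_GUID, "MACHINE", "Microsoft",
                                "Windows NT", "SecEdit", "GptTmpl.inf")

def load_template(policies_dir):
    """Read GptTmpl.inf under a SYSVOL Policies directory; None if the GPO is missing."""
    path = os.path.join(policies_dir, TEMPLATE_RELPATH)
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        data = fh.read()
    # The template is normally UTF-16 with a BOM; fall back to UTF-8 otherwise.
    has_bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if has_bom else "utf-8", errors="replace")

def privilege_rights(text):
    """Parse the [Privilege Rights] section into {privilege: [principals]}."""
    rights, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip().lower()] = [
                p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights

def check_delegation(text):
    """Return (status, holders): gpo-missing, not-defined, administrators-missing or ok."""
    if text is None:
        return "gpo-missing", []
    holders = privilege_rights(text).get(PRIVILEGE.lower())
    if holders is None:
        return "not-defined", []
    return ("ok" if ADMINS_SID in holders else "administrators-missing"), holders

# Constructed sample templates (not taken from the thread).
SAMPLE_OK = ("[Unicode]\nUnicode=yes\n[Privilege Rights]\n"
             "SeMachineAccountPrivilege = *S-1-5-11\n"
             "SeEnableDelegationPrivilege = *S-1-5-32-544\n")
SAMPLE_BAD = SAMPLE_OK.replace("*S-1-5-32-544",
                               "*S-1-5-21-1111111111-2222222222-3333333333-1105")
```

Point `load_template` at the domain's `SYSVOL\<domain>\Policies` directory; the returned holder list also shows which other principals hold this right.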

