Re: PLEASE HELP ME, THIS IS 3RD POST ALREADY


From: farakh (anonymous_at_discussions.microsoft.com)
Date: 04/27/04


Date: Tue, 27 Apr 2004 13:11:05 -0700

I have a default domain controller policy. I am logging
in as administrator, and administrator is a member of
enterprise admins.
>-----Original Message-----
>Ok, do you have a default domain controller policy?
>And what account are you using? Is it an enterprise admin?
>
>--
>This posting is provided "AS IS" with no warranties, and confers no rights.
>"farakh" <farakh@davis-furniture.com> wrote in message
>news:4ee201c42c83$4ca1b320$a601280a@phx.gbl...
>> I have done all of the below and it is still giving me the
>> same error.
>> >-----Original Message-----
>> >From reading the information below here are a few things that you should
>> >check:
>> >
>> >1. Make sure that this server is pointing to the existing domain controller
>> >for Primary DNS (at least until after the promotion).
>> >
>> >2. Below you said that your account is a domain admin- but is it an
>> >Enterprise admin? When running DCPROMO changes are made to the computer
>> >account and to site information- which only Enterprise admins, or the
>> >administrator of the first domain in the forest have permissions to.
>> >
>> >3. Check the default domain controller policy and make sure Administrators
>> >have the right to Enable computer and user accounts to be trusted for
>> >delegation. -- below I see that you don't have a "default domain controller
>> >policy". By default there should be one in the domain. If you open active
>> >directory users and computers then right click on the Domain Controllers OU
>> >and choose the policies tab- you should have a "default domain controllers
>> >policy" listed. If you don't that could be a problem.
>> >
>> >If the group policy object is missing you may need to restore it from a
>> >backup.
>> >
>> >--
>> >This posting is provided "AS IS" with no warranties, and confers no rights.
>> >"FARAKH" <anonymous@discussions.microsoft.com> wrote in message
>> >news:460501c42bc6$a3e661c0$a601280a@phx.gbl...
>> >> >-----Original Message-----
>> >> >I have read both of the below articles. I have tried, but
>> >> >I don't have a domain controller policy on my network.
>> >> >Should I have one? I don't know what to do. Can someone
>> >> >please instruct me on how to fix this problem.
>> >> >>-----Original Message-----
>> >> >>Farakh,
>> >> >>
>> >> >>I assume that you found the MSKB article on this. Did you follow it? Did
>> >> >>that resolve your issue?
>> >> >>
>> >> >>Did you look at the following two MSKB Articles:
>> >> >>
>> >> >>http://support.microsoft.com/?id=232070
>> >> >>http://support.microsoft.com/?id=250874
>> >> >>
>> >> >>They usually resolve this issue.
>> >> >>
>> >> >>HTH,
>> >> >>
>> >> >>Cary
>> >> >>
>> >> >>
>> >> >>"farakh" <farakh@davis-furniture.com> wrote in message
>> >> >>news:34f201c42947$16ad27c0$a401280a@phx.gbl...
>> >> >>> I removed the server. Renamed it. Tried dcpromo and it
>> >> >>> still doesn't work.
>> >> >>> When I run dcpromo I get the error "failed to modify the
>> >> >>> necessary properties for the machine account, access is
>> >> >>> denied".
>> >> >>> The initial part of the promotion was successful, this is
>> >> >>> verified because the computer becomes a member server in
>> >> >>> the domain, but the promotion to domain controller did not
>> >> >>> succeed because dcpromo could not modify the machine
>> >> >>> account.
>> >> >>> I did some research and found that this problem can
>> >> >>> occur if the account that is used to promote has not been
>> >> >>> assigned the "delegation privilege".
>> >> >>> I am promoting using the administrator account. I don't
>> >> >>> know what else to do. I don't have a "default domain
>> >> >>> controllers policy". So I can't modify that. Is something
>> >> >>> wrong with active directory?
>> >> >>> >-----Original Message-----
>> >> >>> >From the original error message you gave it is having a
>> >> >>> >problem modifying the Computer account within Active
>> >> >>> >Directory. This tells me that you still have the name as
>> >> >>> >well as the GUID for that server listed in Active
>> >> >>> >Directory. Until you active directory with respects to
>> >> >>> >that member server you will not be able to promote it.
>> >> >>> >Active Directory thinks it is doing something else.
>> >> >>> >
>> >> >>> >Rich
>> >> >>> >>-----Original Message-----
>> >> >>> >>did all of the above. why is access denied?
>> >> >>> >>>-----Original Message-----
>> >> >>> >>>Try putting the DNS Primary to the current Domain
>> >> >>> >>>Controllers DNS IP. Ping that server to ensure that you
>> >> >>> >>>are getting a FQDN (example: server1.domain.msft)
>> >> >>> >>>The only other thing I can recommend is to do a Metadata
>> >> >>> >>>cleanup and ensure that the name you have on that server
>> >> >>> >>>isn't listed anywhere in Active Directory. If it is then
>> >> >>> >>>remove it. You could also change the name of the server
>> >> >>> >>>then try to promote it.
>> >> >>> >>>
>> >> >>> >>>Rich
>> >> >>> >>>>-----Original Message-----
>> >> >>> >>>>I have done that also. Removed it from computers in
>> >> >>> >>>>Active directory and then tried to promote to a dc. still
>> >> >>> >>>>didn't work.
>> >> >>> >>>>>-----Original Message-----
>> >> >>> >>>>>Earlier you said that you had removed the server from the
>> >> >>> >>>>>domain. Meaning that it was no longer a member server?
>> >> >>> >>>>>If this is the case then you shouldn't see the computer
>> >> >>> >>>>>listed in active directory computers. You will need to
>> >> >>> >>>>>delete that account before you can use the same computer
>> >> >>> >>>>>name for a domain controller.
>> >> >>> >>>>>
>> >> >>> >>>>>Rich
>> >> >>> >>>>>>-----Original Message-----
>> >> >>> >>>>>>I had to seize the fsmo roles and transfer to different
>> >> >>> >>>>>>server. dcdiag and netdiag all pass. the server is listed
>> >> >>> >>>>>>under computers in active directory but it is not listed
>> >> >>> >>>>>>under domain controllers. I would like it to be a domain
>> >> >>> >>>>>>controller.
>> >> >>> >>>>>>I start dcpromo.exe enter the domain info, set the
>> >> >>> >>>>>>settings, put in pw, click next it contacts the pdc then
>> >> >>> >>>>>>it gives me the error "failed to modify the necessary
>> >> >>> >>>>>>properties for the machine account. access is denied" Why
>> >> >>> >>>>>>is access denied? I am the administrator. I am in the
>> >> >>> >>>>>>administrators group. I am using my credentials to log in.
>> >> >>> >>>>>>
>> >> >>> >>>>>>Please help
>> >> >>> >>>>>>>-----Original Message-----
>> >> >>> >>>>>>>Do you get any errors when you do a Netdiag on the server
>> >> >>> >>>>>>>and a DCdiag on the domain controllers?
>> >> >>> >>>>>>>when the PDC failed did you do a FSMO move to one of the
>> >> >>> >>>>>>>other DCs? Did you do a metadata clean up on that server
>> >> >>> >>>>>>>after the PDC failure? Also ensure that the server you
>> >> >>> >>>>>>>are promoting isn't already listed in Active Directory.
>> >> >>> >>>>>>>
>> >> >>> >>>>>>>Rich
>> >> >>> >>>>>>>
>> >> >>> >>>>>>>>-----Original Message-----
>> >> >>> >>>>>>>>Yes it is a member server right now. I have already
>> >> >>> >>>>>>>>removed the server from the domain and tried to promote it
>> >> >>> >>>>>>>>as a dc, but to no avail. this server is a secondary dns
>> >> >>> >>>>>>>>server. I have the server pointing to itself as primary
>> >> >>> >>>>>>>>dns and to the primary dns server as the secondary dns.
>> >> >>> >>>>>>>>>-----Original Message-----
>> >> >>> >>>>>>>>>Is this server a member server right now? I have had
>> >> >>> >>>>>>>>>problems promoting a member Server to a DC. I have always
>> >> >>> >>>>>>>>>removed the server from the domain and then promoted it
>> >> >>> >>>>>>>>>into the domain as a DC.
>> >> >>> >>>>>>>>>
>> >> >>> >>>>>>>>>The other thing to ensure is that you are pointing the DNS
>> >> >>> >>>>>>>>>settings to the internal DNS server of the domain.
>> >> >>> >>>>>>>>>
>> >> >>> >>>>>>>>>HTH
>> >> >>> >>>>>>>>>Rich
>> >> >>> >>>>>>>>>
>> >> >>> >>>>>>>>>>-----Original Message-----
>> >> >>> >>>>>>>>>>I am trying to add a domain controller to our domain.
>> >> >>> >>>>>>>>>>Already have two domain controllers running. When I go
>> >> >>> >>>>>>>>>>through dcpromo, I get an error "the operation failed
>> >> >>> >>>>>>>>>>because: failed to modify the necessary properties for
>> >> >>> >>>>>>>>>>the machine account $servername, access is denied".
>> >> >>> >>>>>>>>>>I have checked dns settings and I am logging in as
>> >> >>> >>>>>>>>>>the administrator of the domain.
>> >> >>> >>>>>>>>>>Please help.
>> >> >>> >>>>>>>>>>P.s A couple of months ago our PDC crashed and I had to
>> >> >>> >>>>>>>>>>seize the roles and assign them to another domain
>> >> >>> >>>>>>>>>>controller. when I run dcdiag and netdiag, everything
>> >> >>> >>>>>>>>>>looks good. Please help.
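Added example, not part of the thread or of any Microsoft tooling: one way to run the check from point 3 above offline, against a copy of the Default Domain Controllers Policy security template (GptTmpl.inf under the policy's MACHINE\Microsoft\Windows NT\SecEdit folder in SYSVOL), where the "Enable computer and user accounts to be trusted for delegation" right is stored as SeEnableDelegationPrivilege. The function names and the sample templates are constructed for illustration.

```python
# Added example. The GptTmpl.inf contents below are constructed samples.
ADMINS = {"S-1-5-32-544", "ADMINISTRATORS"}   # BUILTIN\Administrators, by SID or by name
RIGHT = "SeEnableDelegationPrivilege"         # trusted-for-delegation user right

def decode_inf(raw: bytes) -> str:
    """GptTmpl.inf is normally UTF-16 with a BOM; fall back to UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def privilege_rights(text: str) -> dict:
    """Return {right (lower-case): [principals]} from [Privilege Rights]."""
    rights, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            holders = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
            rights[name.strip().lower()] = holders
    return rights

def delegation_status(raw: bytes) -> str:
    """Classify how the template assigns the delegation right."""
    rights = privilege_rights(decode_inf(raw))
    if RIGHT.lower() not in rights:
        return "not-defined"              # policy does not set the right at all
    holders = rights[RIGHT.lower()]
    if not holders:
        return "granted-to-nobody"        # defined but empty: nobody holds it
    if any(h.upper() in ADMINS for h in holders):
        return "ok"
    return "administrators-missing"

_HEAD = "[Unicode]\r\nUnicode=yes\r\n[Privilege Rights]\r\n"
SAMPLE_OK = (_HEAD + "SeEnableDelegationPrivilege = *S-1-5-32-544\r\n").encode("utf-16")
SAMPLE_UNSET = (_HEAD + "SeMachineAccountPrivilege = *S-1-5-11\r\n").encode("utf-8")
SAMPLE_EMPTY = (_HEAD + "SeEnableDelegationPrivilege =\r\n").encode("utf-16")
SAMPLE_OTHER = (_HEAD + "SeEnableDelegationPrivilege = "
                "*S-1-5-21-1111111111-2222222222-3333333333-1105\r\n").encode("utf-16")

if __name__ == "__main__":
    for label, raw in [("ok", SAMPLE_OK), ("unset", SAMPLE_UNSET),
                       ("empty", SAMPLE_EMPTY), ("other", SAMPLE_OTHER)]:
        print(label, "->", delegation_status(raw))
```

A result other than "ok" only describes what this one template assigns; the effective right on a domain controller also depends on which GPOs are actually linked to the Domain Controllers OU.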


