RE: DCpromo error; Policy problem ??

From: Nwtest (anonymous_at_discussions.microsoft.com)
Date: 04/14/04

Next message: Kashif Mughal: "How to restrict a domain user to logon on multiple machines at the same time"
Previous message: Martin: "default GPO not aplied to client admin logon."
In reply to: Tom Ausburne: "RE: DCpromo error; Policy problem ??"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 14 Apr 2004 01:03:08 -0700

Hi Tom,
Thanks for being there. I tried the following you mention
especially adding the Enterprise DC, Everyones group in
my default domain controllers policy. restarted all the DC
to make sure that netlogon and secedit applied successfuly
no errors in all of them in event viewer. I then try to
run dcpromo in my member server and I HAVE SAME Problem!

I called our entrprise admins to try the EA account in my
test DC and it works in my child domain.

I dont want to call him every time I want to add a DC.. Is
there any other workaround you know?

Thanks.
NWtest
>-----Original Message-----

>I know you have tried several things so here are a few
far fetched
>ones that I have seen:
>
>Make sure all of your existing domain controllers are
actually in the
>Domain Controllers OU in Active Directory and not in the
Computers OU.
>
>Make sure that the Default Domain Controllers policy is
actually
>linked to the Domain Controllers OU. If not link it and
use secedit
>to push the policy to all DC's in the domain.
>
>Make sure that the computer account for the machine you
are tring to
>promote is actually in the Computers OU.
>
>Add the Everyone Group to the "Enable Computer and User
Accounts to
>be trusted for Delegation" Default Domian Controllers
group policy.
>You might also make sure that Administrators, Domain
Admins and the
>Enterprise Domain Controllers group is added as well.
>
>
>Tom Ausburne (MSFT)
>Windows 2000 Directory Services
>This posting is provided "AS IS" with no warranties, and
confers no
>rights.
>
>
>.
>

Next message: Kashif Mughal: "How to restrict a domain user to logon on multiple machines at the same time"
Previous message: Martin: "default GPO not aplied to client admin logon."
In reply to: Tom Ausburne: "RE: DCpromo error; Policy problem ??"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Default Domain Controllers Policy?
... You would like to know what will "Default Domain Controllers Policy" ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)
Re: Group policy Error; Event ID 1030 & 1058
... Machine extensions: ... Friendly name: Default Domain Controllers Policy ... User extensions: not found ...
(microsoft.public.windows.group_policy)
Re: Domain controller
... The users can login to the Domain controllers with deleted or unlinked Default Domain controllers policy, ... So if you looking why users cannot login to the DCs, ... This posting is provided "AS IS" with no warranties, ...
(microsoft.public.windows.server.active_directory)
Re: slow file transfer
... So I'm in Server Mangement. ... name.local> Domain Controllers> Default Domain Controllers Policy ... On the right I have four tabs: Scope, Details, Settings and Delegation. ...
(microsoft.public.windows.server.sbs)
Re: group policy?
... Hello George you have to do this in the Default Domain Controllers Policy at ... The only server box we have does/is all of the> following: Domain Controller, Exchange server, ISA Server. ...
(microsoft.public.win2000.active_directory)