Re: Unable to promote a new server
- From: Quo Vadis <quovadis@xxxxxxxxxxxxxx>
- Date: Mon, 16 Oct 2006 04:48:02 -0700
That did it Ada. By adding Administrators to that GPO it worked perfectly.
Thanks VERY much.
Joseph
""Ada Pan [MSFT]"" wrote:
Hello Joseph,.
The previous reply is actually for another issue. Sorry for the mistake.
Below is the update for this issue:
====================== Start ======================
After re-checking the files, I noticed the Default Domain Controller policy
has been modified with the following user rights assignments removed:
-Enable Computer and User Accounts to be trusted for Delegation
- Add workstations to domain
You may grant the permissions to the built-in Administrators user group and
then reboot the DC to see if you can join the addition server into this
domain. For more information, please refer to the following MS KB article:
232070 When you run Dcpromo.exe to create a replica domain controller, you
receive the "Failed to modify the necessary properties for the machine
account. Access is denied." error message
http://support.microsoft.com/default.aspx?scid=kb;EN-US;232070
If this problem persists after applying the suggestion above, I would like
to recommend that you utilize Windows Server 2003 Default Group Policy
Restore Utility (Dcgpofix.exe) to reset the Default Domain Controller
policy.
NOTE: If you are using GPMC, it is recommended that you use GPMC to backup
all GPOs in your environment. The Dcgpofix tool is a disaster-recovery tool
that will restore your environment to an initial state only. If you use the
Dcgpofix tool, Microsoft recommends that as soon as you run it, you review
the security settings in these GPOs and manually adjust the security
settings to suit your requirements.
For detailed instructions on how to use the Dcgpofix tool, please refer to
the following MS article:
Default Group Policy objects become corrupted: disaster recovery
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Opera
tions/b9db0ae7-3d25-4e5e-9320-e5db0b0c9f8a.mspx
More Information:
--------------------------
833783 The Dcgpofix tool does not restore security settings in the Default
http://support.microsoft.com/?id=833783
Q267553 How to Reset User Rights in the Default Domain Controllers GPO
http://support.microsoft.com/support/kb/articles/Q267/5/53.ASP
====================== End ======================
Hope this helps!
Regards,
Ada Pan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Follow-Ups:
- Re: Unable to promote a new server
- From: "Ada Pan [MSFT]"
- Re: Unable to promote a new server
- References:
- RE: Unable to promote a new server
- From: Quo Vadis
- RE: Unable to promote a new server
- From: Ada Pan [MSFT]
- RE: Unable to promote a new server
- From: Quo Vadis
- RE: Unable to promote a new server
- From: Ada Pan [MSFT]
- Re: Unable to promote a new server
- From: Ada Pan [MSFT]
- Re: Unable to promote a new server
- From: Vincent Xu [MSFT]
- Re: Unable to promote a new server
- From: Quo Vadis
- Re: Unable to promote a new server
- From: "Ada Pan [MSFT]"
- Re: Unable to promote a new server
- From: "Ada Pan [MSFT]"
- Re: Unable to promote a new server
- From: "Ada Pan [MSFT]"
- Re: Unable to promote a new server
- From: "Ada Pan [MSFT]"
- RE: Unable to promote a new server
- Prev by Date: Re: W2k client on 2003 AD random login on remote DC instead of local DC
- Next by Date: Remote Control Add-on for Active Directory Users & Computers
- Previous by thread: Re: Unable to promote a new server
- Next by thread: Re: Unable to promote a new server
- Index(es):
Relevant Pages
|
