Re: New AD installation issue

On Mar 15, 12:59 am, "Trust No One®" <dana.scu...@xxxxxxxx> wrote:
Norm wrote:
Hello,

I am not a pro in AD so the following problem is greek to me but may
be a simple/obvious fix.

A colleague has created a new domain for a new application's
requirements. Then a second (DB) server was added to the domain. The
new AD accounts all work fine on the DC, but I could not login to the
DB server with the AD account. (I am a member of the Administrators
group). The error that I received when I attempted to login was:
(paraphrase) "You dot not have permission to log on remotely."

Membership of the Administrators group in the domain gives you admin access
to the domain controllers (and Active Directory). However membership will
not grant you  admin access to member servers or client computers in the
domain - as you have found out :)

Membership of the Domain Admins group grants you admin privileges to the
entire domain. This is because the Domain Admins group is a member of the
Administrators group for the domain, and it is also automatically added to
the local administrators group of any server or workstation joined to the
domain.

So in your case your AD account will either need to be added to Domain
Admins for the domain, or it will need to added to the local administrators
group (if you really need full admin access that is) for your DB server.
This is usually the better option as it is not always desireable to grant
individuals blanket admin access throughout the domain.

--
Peter <X-Files fan>

Thanks for the reply Peter. Everything worked fine after I added my
self to the Domain Admins. However, why would I need to be a member of
Domain Admins in order to log into the machine remotely when my user
is already a member of Remote Desktop users? That is my main source of
confusion.
.

Relevant Pages

  • Re: No user accounts that are Enterpise Admins can connect to othe
    ... enterprise admins is not a member of local servers administrators group, ... only the domain admins group is ... Basically it is from one of the child domains connecting to member servers ... /GROUPS on a w2k3 server or use SECTOK from joeware.net) ...
    (microsoft.public.windows.server.active_directory)
  • RE: Installing Software and Permissions
    ... MCSE, CCEA, Microsoft MVP - Terminal Server ... member of Domain Admins... ... until user1 was added directly to the TS Servers Local Admins ... Server - Administrators 6) All in all the Local Administrators ...
    (microsoft.public.windows.terminal_services)
  • Re: I shot my foot off almost and the Admin cant log into the server locally
    ... server. ... Keep a backup administrator id around. ... > By default the Administrator should be a member of these groups: ... > Administrators, Domain Admins, Domain Users, Enterprise Admins, Group ...
    (microsoft.public.windows.server.sbs)
  • Re: error: Unable to connect to the registry on the server computer (<
    ... > Unable to connect to the registry on the server computer, ... > you are not a member of the OLAP Administrators group on this server. ...
    (microsoft.public.sqlserver.olap)
  • Re: Login failed for user NT AUTHORITYSYSTEM
    ... I've checked that NT AUTHORITY\SYSTEM is still a member of the Administrators group and that it has a sysadmin role in SQL Server. ... this does sound more of a security problem than a SQL problem. ...
    (microsoft.public.windows.server.sbs)