RE: Must be a member of domain admins...

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Rebecca L. Casselman [MSFT] (rebc_at_online.microsoft.com)
Date: 03/21/04 

Date: Sun, 21 Mar 2004 22:47:11 GMT

Hi,

I'm assuming you are receiving this error when trying to upgrade Exchange
on the machine. Please try the following:

If you have multiple domain controllers, verify that all domain controllers
on the network are assigned as a Global Catalog server.

1. Open Active Directory Sites and Services.
2. Expand Sites, expand Default-First-Site-Name, expand Servers, expand
your server, right-click NTDS Settings and verify that each domain
controller is a Global Catalog server.
2. After the changes, reboot all domain controllers, or wait for the
replication to complete.

Remove and re-add Domain Admins, Schema Admins, and Enterprise Admins to
the built-in Administrator account.

1. Create a new admin account called Admin2. Assign Administrators, Domain
Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners,
Mobile Users, and Schema Admins to the account.
2. Logon to the SBS server as Admin2.
3. Use AD Users and Computers snap-in, remove Domain Admins, Schema Admins,
and Enterprise Admins group from the built-in Adminstrator account. Click
Apply.
4. Add Domain Admins, Schema Admins, and Enterprise Admins group back to
the built-in Adminstrator account. Click Apply.
5. Logoff from the SBS server.
6. If you have additional domain controllers on the network, logon to each
server and repeat Steps 3 and 4.
7. Logon to the SBS machine as the built-in Administrator and restart the
SBS Integrated Setup.

Best Regards,

Rebecca Casselman MCDBA, MCSA, MCSE NT4/2000
Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: "Server Operators" user rights on Domain Controllers
    ... If these people are in the Server Operators group in AD then they already have the rights necessary to take Domain Admin and even Enterprise Admin. ... Server Operators only works on Domain Controllers, the group is a builtin group with a SID that has no domain affinity. ... The local IT personel at each site are members of the "Server Operators" group in AD and the "local Admins" group on member servers. ...
    (microsoft.public.windows.server.active_directory)
  • Re: dns administration delegation
    ... domain controllers are in site B ... I want admins from site A to be able to manage only the DNS servers at ... and have always done it with a GPO to delegate control of the service. ... I am not even sure that permissions you are actually delegating there -- ...
    (microsoft.public.windows.server.dns)
  • Re: Local admin user rights on remote DC
    ... admins group just to do that function and then remove them. ... Group Policy to deny their user accounts to specific mmc snapins they do not ... Software Installation to "assign" those packages to the domain controllers. ... > not install any software specific for the site (like antivirus, ...
    (microsoft.public.windows.server.security)
  • Re: Domain Controller Administration
    ... uninstall or update applications without ... >> many domain administrators because application support ... >> people as local admins on member servers but now I need ... >> to do something on the domain controllers. ...
    (microsoft.public.win2000.security)
  • Re: Non domain admins installing software on domain controllers
    ... I don't recommend giving non-domain admins local logon rights to a DC at ... In fact in our company we have some 350 Domain Controllers spread ... > of domain controllers and member servers distributed through out ... > install patches as and when they become available. ...
    (microsoft.public.win2000.security)