Discussion:
Error With DCPromo
(too old to reply)
Glenn
2006-04-11 18:58:43 UTC
Permalink
Greetings,

I am in the process of setting up a new 2003 server.

I currently have AD running on my Win 2000 server. I did ADPREP for both
the forest and the domain, and it seemed to be successful.

To set my new server up, I:

1) Installed the server software.
2) Joined the domain.
3) Am trying to run DCPROMO. When I do, it looks like it is working and
then it stops, I get a box to logon again (even though I'm sure that I'm
using the proper credentials - and am loggin in as Administrator) and get
this error message:

The operation failed because: The Active Directory Installation Wizard was
unable to convert the computer account AD$ to a domain controller account.
"Access is denied."

Please note that AD is the name of my new server.

I searched support.microsoft.com and got some directions that don't at all
work.

Any suggestions on what I'm doing wrong?

Thanks,
Glenn
Nathan
2006-04-11 22:38:08 UTC
Permalink
Are you running dcpromo as a member of the Domain Admins group?
Have you tried this:
Edit the Default Domain Controllers Policy-
Default Domain Policy\Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Right Assignment \ Enable computer and user
accounts to be trusted for delegation
Add the Domain Admins group

Run - secedit /refreshpolicy machine_policy /enforce. Re-run DCPROMO
Post by Glenn
Greetings,
I am in the process of setting up a new 2003 server.
I currently have AD running on my Win 2000 server. I did ADPREP for both
the forest and the domain, and it seemed to be successful.
1) Installed the server software.
2) Joined the domain.
3) Am trying to run DCPROMO. When I do, it looks like it is working and
then it stops, I get a box to logon again (even though I'm sure that I'm
using the proper credentials - and am loggin in as Administrator) and get
The operation failed because: The Active Directory Installation Wizard was
unable to convert the computer account AD$ to a domain controller account.
"Access is denied."
Please note that AD is the name of my new server.
I searched support.microsoft.com and got some directions that don't at all
work.
Any suggestions on what I'm doing wrong?
Thanks,
Glenn
Glenn
2006-04-11 22:51:16 UTC
Permalink
Yes, I've tried both of those.

Any other thoughts?
Post by Nathan
Are you running dcpromo as a member of the Domain Admins group?
Edit the Default Domain Controllers Policy-
Default Domain Policy\Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Right Assignment \ Enable computer and user
accounts to be trusted for delegation
Add the Domain Admins group
Run - secedit /refreshpolicy machine_policy /enforce. Re-run DCPROMO
Post by Glenn
Greetings,
I am in the process of setting up a new 2003 server.
I currently have AD running on my Win 2000 server. I did ADPREP for both
the forest and the domain, and it seemed to be successful.
1) Installed the server software.
2) Joined the domain.
3) Am trying to run DCPROMO. When I do, it looks like it is working and
then it stops, I get a box to logon again (even though I'm sure that I'm
using the proper credentials - and am loggin in as Administrator) and get
The operation failed because: The Active Directory Installation Wizard was
unable to convert the computer account AD$ to a domain controller account.
"Access is denied."
Please note that AD is the name of my new server.
I searched support.microsoft.com and got some directions that don't at all
work.
Any suggestions on what I'm doing wrong?
Thanks,
Glenn
Jorge de Almeida Pinto [MVP]
2006-04-17 08:54:17 UTC
Permalink
see:
When you run Dcpromo.exe to create a replica domain controller, you receive
the "Failed to modify the necessary properties for the machine account.
Access is denied." error message

Article ID: 232070
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
Post by Glenn
Greetings,
I am in the process of setting up a new 2003 server.
I currently have AD running on my Win 2000 server. I did ADPREP for both
the forest and the domain, and it seemed to be successful.
1) Installed the server software.
2) Joined the domain.
3) Am trying to run DCPROMO. When I do, it looks like it is working and
then it stops, I get a box to logon again (even though I'm sure that I'm
using the proper credentials - and am loggin in as Administrator) and get
The operation failed because: The Active Directory Installation Wizard was
unable to convert the computer account AD$ to a domain controller account.
"Access is denied."
Please note that AD is the name of my new server.
I searched support.microsoft.com and got some directions that don't at all
work.
Any suggestions on what I'm doing wrong?
Thanks,
Glenn
Loading...