Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Adding a DC to an existing network

Status
Not open for further replies.
MIScoord

MIScoord

MIS
Aug 21, 2001
66
0
0
US
Got a problem that's driving me bonkers. Got a file server that's sitting on a different subnet that my main DC and firewall. I'd like to turn this file server into a DC to help with login traffic. However, when I run DCPROMO I'm running into a problem. I get all the way through, to the point to where it's configuring the AD, forces a time sync with the DC, but then when it attempts to configure the server account, I get a box saying the following:

The operation failed because: Failed to modify the necessary properties for the machine account MT2$
"Access is denied. "

It then asks me to type in an account with sufficient privledges to create another DC in my domain. I've used every password I know -- my own (which has administrator privledges for the domain), the domain administrator password, even the forest administrator password -- and none of them work. I've looked all over AD Users and Computers, group policy objects, etc., and I can't even find anything that would restrict the ability to create additional DCs in a domain.

Anyone got any ideas??? Me: We need a better backup system.
My boss's boss: Backup? We don't need no stinkin' backup!
 
Sort by date Sort by votes
Is the file server currently a member of the DCs domain?

Remember, before you can promote a server to a DC in AD, the machine must first be made a member server of the existing AD domain.

It kinda makes sense, really. If you were to ask the current owner of a house to "trust" a complete stranger with the keys to the front door while they are away on vacation they would look at you like you were nuts.

If, on the other hand, the "stranger" turned out to be the homeowner's son-in-law, then the chances go way up that their "Little Princess" and her hubby could house-sit.

Having said all that...

1. Make the fileserver a member server
2. Make the domain administrative account an admin of the file server
3. Run DCpromo

Hope this helps...
 
Upvote 0 Downvote
Go to the current DC (whichever one has Active Directory on it) and get to the Active Directory Users and Computers utility. You can use this utility to pre-authorize this other computer to join the domain. That should rid you of any headaches on that matter.


Hope that helps! @=)

Catadmin - New to Server Admin, but willing to learn... All help is appreciated.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
mangentle
  • Locked
  • Question
What could be the potential causes if a Microsoft Windows Server is experiencing slow network!
Replies
1
Views
135
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
87
mangentle
mangentle
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
105
microsGuy16
microsGuy16
jamescpp
  • Locked
  • Question
Adding an attribute to ADLDS
Replies
1
Views
59
jamescpp
jamescpp

Part and Inventory Search

Sponsor

Back
Top