Before introducing a Win2003 Server Domain Controller in a Win2000 domain you must make changes to the Schema: run adprep /forestprep, and run adprep /domainprep.
So far so good, no errors reported, DCDIAG is ok, W2000 DC rebooted (there is currently only one W2000 DC with all roles).
The new W2003 is am member server of the existing W2000 domain (Schema extended). I am logged in at the W2003 server with an account of a domain admin, there exists a local administrator with same name & password.
When I try to add the W2003 Server as a DC (via DCPROMO or the server configuration assistant), everything is well done except in the end: I get a message (in german, I translate) "process failed: the assistant of AD could not convert the computer account W2003$ into a DC account. 'Access denied' "
(The ID of this error in event log is: 677, source=security, Category=Logon. ErrorCode: 0x29 etc.)
The error code points to Kerberos, but what is wrong if I use an account of a domain admin with all rights? I repeated the procedure with different accounts, removed & reentered the W2003 server from/into the domain, the error condition remains.
So far so good, no errors reported, DCDIAG is ok, W2000 DC rebooted (there is currently only one W2000 DC with all roles).
The new W2003 is am member server of the existing W2000 domain (Schema extended). I am logged in at the W2003 server with an account of a domain admin, there exists a local administrator with same name & password.
When I try to add the W2003 Server as a DC (via DCPROMO or the server configuration assistant), everything is well done except in the end: I get a message (in german, I translate) "process failed: the assistant of AD could not convert the computer account W2003$ into a DC account. 'Access denied' "
(The ID of this error in event log is: 677, source=security, Category=Logon. ErrorCode: 0x29 etc.)
The error code points to Kerberos, but what is wrong if I use an account of a domain admin with all rights? I repeated the procedure with different accounts, removed & reentered the W2003 server from/into the domain, the error condition remains.
