Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

need help...adding an additional DC 1

Status
Not open for further replies.
cbbxxxd

cbbxxxd

Technical User
Jul 30, 2002
42
0
0
US
i have a win2k adv. server with AD,DNS,DHCP all setup
it's running fine...
i'm trying to setup an backup server, so if one fails it'll take that place...

when i type in dcpromo setup everything...
towards the users name, password, domain
i get an error stating: "the operation failed because: Fail to modify the neccesary poperties for the machine account server$ Access is Denied"

can someone please tell me what am i doing wrong...
thank you in advance...
 
Sort by date Sort by votes
thank you for that post....but....
the page from microsoft is too hard to understand...

can someone please explain how??
need it to work....
thank you
 
Upvote 0 Downvote
The solution is in the resolution. All you need to do is make sure that the admin user (or group) has the correct rights.

tw
 
Upvote 0 Downvote
i've tried to setup a user with admin rights
and use the administrator password
both won't work...

am i suppose to play with the registry???

can someone please help me out....

thank u
 
Upvote 0 Downvote
To resolve this problem, use the appropriate method:
Verify that the current domain controllers in the domain have applied security policy and the Enable computer and users accounts to be trusted for delegation user right granted to the Administrators Group (click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment).

For computers that do not have this right, confirm that group policy objects in the directory service and file system have replicated, and then manually apply the policy by typing the following command:

secedit /refreshpolicy machine_policy

NOTE: Look for the following message in the application log to confirm the application of the policy:

Event ID 1704: Security Policy in the Group policy objects are applied successfully.
Stop the Netlogon service on the source domain controllers that do not have this right applied to discover another domain controller in the domain that applied this right.
Verify that the source domain controller is in the organization unit. The name of the source domain controller can be found in the hidden file called Dcpromo.log in the %Systemroot%\debug folder on the Windows 2000 server that you are trying to promote.
Open a command prompt on the source domain controller, and run the Gpresult.exe Resource Kit utility to verify that the domain controllers policy is being applied to the source domain controller.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
101
gbaughma
gbaughma
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
64
RRankin355
RRankin355
jamescpp
  • Locked
  • Question
Adding an attribute to ADLDS
Replies
1
Views
59
jamescpp
jamescpp
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
64
on3mansh0w
on3mansh0w

Part and Inventory Search

Sponsor

Back
Top