Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Problems joining a domain with dcpromo

Status
Not open for further replies.
WilliamUT

WilliamUT

IS-IT--Management
Oct 8, 2002
182
0
0
US
Hi last night i was having problems demoting a server and now im having problems promoting that server back onto the dc. I got suspicious wondering if it was just that one server that was having problems so i loaded a test server and tried promoting it and i get the same problem. The error i get is :

The operation failed because: Failed to modify the necessary properties for the machine account IS-5-155$
"Access is denied. "

it then prompts me for a password asking for a user account that have sufficient rights to perform the action. I am using the domain administrative account and have tried 3 other administrator account and it still gives me the access denied error. I jumped on the dc console and went into my computer accounts ou and tried to trust my pc for delegation and it said i dont have suffiecient rights as administrator to perform this action...

something on my dc security is really messed up im thinking has anybody else had this problem or know of a way to resolve it? Thanks

Bill
 
Sort by date Sort by votes
WilliamUT

Check for a hijacker I had the same problem and checked for hijackers and found the firedaemon running in my services.

Go to there is a windows 2000 security alert bulliten that can assist










bob

"ZOINKS !!!!!"

Shaggy
 
Upvote 0 Downvote
that link is broken do you have a different or correct one?
thanks for the help
 
Upvote 0 Downvote
doesnt look like i have a hijacker on my server any other suggestions?
 
Upvote 0 Downvote
Make sure you have Enterprise administrator rights in the domain .........
 
Upvote 0 Downvote
all 3 administrator accounts have enterprise admin rights that was the first thing I checked.
 
Upvote 0 Downvote
I guess the next ting I would check for is to make sure that all the fsmo roles are still there on the remaining dc or dcs.... There should be 5, plus 1 global catalog server.
 
Upvote 0 Downvote
I agree with vbrocks, looks like one of the fsmo roles is not available.
 
Upvote 0 Downvote
All my FSMO Roles are accurate and am having the same problem. Did you figure out how to resolve this issue?

Any help would be appreciated.

Thanks,
J.Rose
 
Upvote 0 Downvote
I have the same Problem guys!and I almost try everything Even this two KBIDs frm Microsoft and

Any other idea.. Running out of idea.

In my configuration I have a child domain structure.

Do I need an enterprise admins rights to add DC in my Child domains? I dont thinks so this is the only thing I never tried yet!

Please advise for some ideas
 
Upvote 0 Downvote
The next thing I would check are the Group policies and security policies of the domain......
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ravalos
  • Question
Problem with PDFs in IIS
Replies
1
Views
244
gbaughma
gbaughma
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
189
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
80
ADB100
ADB100
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
144
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
84
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top