I have 3 dc's, and want to demote one of them. Let's say
ser01, ser 02, and ser03. I want to keep 1 and 2, get rid
of 3. All FSMO's are on 1 and 2. When I run dcpromo on 3,
it fails with the following message; the operation failed
because;Active Directory could not configure the computer
account ser03$ on the remote domain controller
ser01.domain.com. "access is denied". I am using an
enterprise admin account to run dcpromo. What permissions
does the 2 and 3 dc need to be able to accept
authentication from ser03? I think it may be something in
the local policy, but have not found what it is.

I know I can force this out with ntdsutil, but would
rather fix this problem and do it cleanly.

Thanks in advance for any help.

never mind, I figured it out, thx
>-----Original Message-----
>I have 3 dc's, and want to demote one of them. Let's say
>ser01, ser 02, and ser03. I want to keep 1 and 2, get rid
>of 3. All FSMO's are on 1 and 2. When I run dcpromo on 3,
>it fails with the following message; the operation failed
>because;Active Directory could not configure the computer
>account ser03$ on the remote domain controller
>ser01.domain.com. "access is denied". I am using an
>enterprise admin account to run dcpromo. What permissions
>does the 2 and 3 dc need to be able to accept
>authentication from ser03? I think it may be something in
>the local policy, but have not found what it is.
>
>I know I can force this out with ntdsutil, but would
>rather fix this problem and do it cleanly.
>
>Thanks in advance for any help.
>.
>

Was it the 'delegation' problem?

Cary

<(E-Mail Removed)> wrote in message
news:351501c4c344$b5335850$(E-Mail Removed)...
> never mind, I figured it out, thx
> >-----Original Message-----
> >I have 3 dc's, and want to demote one of them. Let's say
> >ser01, ser 02, and ser03. I want to keep 1 and 2, get rid
> >of 3. All FSMO's are on 1 and 2. When I run dcpromo on 3,
> >it fails with the following message; the operation failed
> >because;Active Directory could not configure the computer
> >account ser03$ on the remote domain controller
> >ser01.domain.com. "access is denied". I am using an
> >enterprise admin account to run dcpromo. What permissions
> >does the 2 and 3 dc need to be able to accept
> >authentication from ser03? I think it may be something in
> >the local policy, but have not found what it is.
> >
> >I know I can force this out with ntdsutil, but would
> >rather fix this problem and do it cleanly.
> >
> >Thanks in advance for any help.
> >.
> >

Netiquette says you should post how you resolved it. Others may have the
same problem and could benefit....

--
Regards,
Hank Arnold

<(E-Mail Removed)> wrote in message
news:351501c4c344$b5335850$(E-Mail Removed)...
> never mind, I figured it out, thx