Cannot Add DC, Access denied!!! nEED answer from MS

[nwtest]

Still having a problme to add a DC, I'm having this error
Failed to modify the properties of the machine account
serverx$, Access denied"

Is there any MS engineer to assist.
I almost tried so many things like this KBs and I'm tired
http://support.microsoft.com/?kbid=232070
http://support.microsoft.com/?kbid=250874

No errors from those diagnostic tools, all replicating
fine, all DCs are healthy and im using Domain admins
account.

Is there a good reply from MS or idea to fix this blooody
problem, been three weeks now! Obviously the problem is
something to do with account credentials but where is the
PROBLEM!

here is my dcpromo log under winnt\debug:

Thanks and More power !!!!!

04/15 10:59:57 [INFO] Promotion request for replica domain
controller
04/15 10:59:57 [INFO] DnsDomainName xyz.my.new.org
04/15 10:59:57 [INFO] ReplicaPartner (NULL)
04/15 10:59:57 [INFO] SiteName (NULL)
04/15 10:59:57 [INFO] DsDatabasePath C:\WINNT\NTDS,
DsLogPath C:\WINNT\NTDS
04/15 10:59:57 [INFO] SystemVolumeRootPath C:\WINNT\SYSVOL
04/15 10:59:57 [INFO] Account xyz.my.new.org\netadmin
04/15 10:59:57 [INFO] Options 196
04/15 10:59:57 [INFO] Validate supplied paths
04/15 10:59:57 [INFO] Validating path C:\WINNT\NTDS.
04/15 10:59:57 [INFO] Path is a directory
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Validating path C:\WINNT\NTDS.
04/15 10:59:57 [INFO] Path is a directory
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Validating path C:\WINNT\SYSVOL.
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Path is on an NTFS volume
04/15 10:59:57 [INFO] Start the worker task
04/15 10:59:57 [INFO] Request for promotion returning 0
04/15 10:59:57 [INFO] Searching for a domain controller
for the domain xyz.my.new.org that contains the account MY-
DC4$

04/15 10:59:58 [INFO] Located domain controller my-
dc2.xyz.my.new.org for domain xyz.my.new.org
04/15 10:59:58 [INFO] Using site MY-Rgion2 for server
\\dc2.xyz.my.new.org

04/15 10:59:58 [INFO] Forcing time sync
04/15 10:59:58 [INFO] Forcing a time synch with
\\dc2.xyz.my.new.org
04/15 10:59:58 [INFO] Setting machine account to be DC
04/15 10:59:58 [INFO] Configuring the server account

04/15 10:59:58 [INFO] Searching for the machine account
for MY-DC4$ on \\my-dc2.xyz.my.new.org
04/15 10:59:58 [INFO] Configuring the server account

04/15 10:59:58 [INFO] NtdsSetReplicaMachineAccount
returned 5
04/15 10:59:58 [INFO] DsRolepSetMachineAccountType
returned 5
04/15 10:59:58 [INFO] Error - Failed to modify the
necessary properties for the machine account MY-DC4$
(5)
04/15 10:59:58 [INFO] The attempted domain controller
operation has completed

04/15 10:59:58 [INFO] DsRolepSetOperationDone returned 0
_________________

 

[Aimme Lirette MSFT]

Did you see this post:
Based on the help file you need to be a domain admin for the root domain, or
enterprise admin:

a.. To perform this procedure, you must be a member of the Domain Admins
group (in the parent domain) or the Enterprise Admins group in Active
Directory, or you must have been delegated the appropriate authority. As a
security best practice, consider using Run as to perform this procedure.

I believe this is because you need to be able to make changes at the site
the domain controller is going to be moved too. You could check the
permissions on that, and make sure your account has permissions there and
see if that works.


Aimme

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Still having a problme to add a DC, I'm having this error
Failed to modify the properties of the machine account
serverx$, Access denied"

Is there any MS engineer to assist.
I almost tried so many things like this KBs and I'm tired
http://support.microsoft.com/?kbid=232070
http://support.microsoft.com/?kbid=250874

No errors from those diagnostic tools, all replicating
fine, all DCs are healthy and im using Domain admins
account.

Is there a good reply from MS or idea to fix this blooody
problem, been three weeks now! Obviously the problem is
something to do with account credentials but where is the
PROBLEM!

here is my dcpromo log under winnt\debug:

Thanks and More power !!!!!

04/15 10:59:57 [INFO] Promotion request for replica domain
controller
04/15 10:59:57 [INFO] DnsDomainName xyz.my.new.org
04/15 10:59:57 [INFO] ReplicaPartner (NULL)
04/15 10:59:57 [INFO] SiteName (NULL)
04/15 10:59:57 [INFO] DsDatabasePath C:\WINNT\NTDS,
DsLogPath C:\WINNT\NTDS
04/15 10:59:57 [INFO] SystemVolumeRootPath C:\WINNT\SYSVOL
04/15 10:59:57 [INFO] Account xyz.my.new.org\netadmin
04/15 10:59:57 [INFO] Options 196
04/15 10:59:57 [INFO] Validate supplied paths
04/15 10:59:57 [INFO] Validating path C:\WINNT\NTDS.
04/15 10:59:57 [INFO] Path is a directory
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Validating path C:\WINNT\NTDS.
04/15 10:59:57 [INFO] Path is a directory
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Validating path C:\WINNT\SYSVOL.
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Path is on an NTFS volume
04/15 10:59:57 [INFO] Start the worker task
04/15 10:59:57 [INFO] Request for promotion returning 0
04/15 10:59:57 [INFO] Searching for a domain controller
for the domain xyz.my.new.org that contains the account MY-
DC4$

04/15 10:59:58 [INFO] Located domain controller my-
dc2.xyz.my.new.org for domain xyz.my.new.org
04/15 10:59:58 [INFO] Using site MY-Rgion2 for server
\\dc2.xyz.my.new.org

04/15 10:59:58 [INFO] Forcing time sync
04/15 10:59:58 [INFO] Forcing a time synch with
\\dc2.xyz.my.new.org
04/15 10:59:58 [INFO] Setting machine account to be DC
04/15 10:59:58 [INFO] Configuring the server account

04/15 10:59:58 [INFO] Searching for the machine account
for MY-DC4$ on \\my-dc2.xyz.my.new.org
04/15 10:59:58 [INFO] Configuring the server account

04/15 10:59:58 [INFO] NtdsSetReplicaMachineAccount
returned 5
04/15 10:59:58 [INFO] DsRolepSetMachineAccountType
returned 5
04/15 10:59:58 [INFO] Error - Failed to modify the
necessary properties for the machine account MY-DC4$
(5)
04/15 10:59:58 [INFO] The attempted domain controller
operation has completed

04/15 10:59:58 [INFO] DsRolepSetOperationDone returned 0
_________________

 

[Guest]

Thansk for the reply.
I'm on a child domain situation.and I'm a member of Domain
Admins group. I guess by default I should be able to join
but dont what has been changed if there is any..

Is there somthing like to reset a rights or Policy or
maybe corrupted sid.. I dont know.. Any other idea

-----Original Message-----
Did you see this post:
Based on the help file you need to be a domain admin for the root domain, or
enterprise admin:

a.. To perform this procedure, you must be a member of the Domain Admins
group (in the parent domain) or the Enterprise Admins group in Active
Directory, or you must have been delegated the appropriate authority. As a
security best practice, consider using Run as to perform this procedure.

I believe this is because you need to be able to make changes at the site
the domain controller is going to be moved too. You could check the
permissions on that, and make sure your account has permissions there and
see if that works.


Aimme

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Still having a problme to add a DC, I'm having this error
Failed to modify the properties of the machine account
serverx$, Access denied"

Is there any MS engineer to assist.
I almost tried so many things like this KBs and I'm tired
http://support.microsoft.com/?kbid=232070
http://support.microsoft.com/?kbid=250874

No errors from those diagnostic tools, all replicating
fine, all DCs are healthy and im using Domain admins
account.

Is there a good reply from MS or idea to fix this blooody
problem, been three weeks now! Obviously the problem is
something to do with account credentials but where is the
PROBLEM!

here is my dcpromo log under winnt\debug:

Thanks and More power !!!!!

04/15 10:59:57 [INFO] Promotion request for replica domain
controller
04/15 10:59:57 [INFO] DnsDomainName xyz.my.new.org
04/15 10:59:57 [INFO] ReplicaPartner (NULL)
04/15 10:59:57 [INFO] SiteName (NULL)
04/15 10:59:57 [INFO] DsDatabasePath C:\WINNT\NTDS,
DsLogPath C:\WINNT\NTDS
04/15 10:59:57 [INFO] SystemVolumeRootPath C:\WINNT\SYSVOL
04/15 10:59:57 [INFO] Account xyz.my.new.org\netadmin
04/15 10:59:57 [INFO] Options 196
04/15 10:59:57 [INFO] Validate supplied paths
04/15 10:59:57 [INFO] Validating path C:\WINNT\NTDS.
04/15 10:59:57 [INFO] Path is a directory
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Validating path C:\WINNT\NTDS.
04/15 10:59:57 [INFO] Path is a directory
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Validating path C:\WINNT\SYSVOL.
04/15 10:59:57 [INFO] Path is on a fixed disk drive.
04/15 10:59:57 [INFO] Path is on an NTFS volume
04/15 10:59:57 [INFO] Start the worker task
04/15 10:59:57 [INFO] Request for promotion returning 0
04/15 10:59:57 [INFO] Searching for a domain controller
for the domain xyz.my.new.org that contains the account MY-
DC4$

04/15 10:59:58 [INFO] Located domain controller my-
dc2.xyz.my.new.org for domain xyz.my.new.org
04/15 10:59:58 [INFO] Using site MY-Rgion2 for server
\\dc2.xyz.my.new.org

04/15 10:59:58 [INFO] Forcing time sync
04/15 10:59:58 [INFO] Forcing a time synch with
\\dc2.xyz.my.new.org
04/15 10:59:58 [INFO] Setting machine account to be DC
04/15 10:59:58 [INFO] Configuring the server account

04/15 10:59:58 [INFO] Searching for the machine account
for MY-DC4$ on \\my-dc2.xyz.my.new.org
04/15 10:59:58 [INFO] Configuring the server account

04/15 10:59:58 [INFO] NtdsSetReplicaMachineAccount
returned 5
04/15 10:59:58 [INFO] DsRolepSetMachineAccountType
returned 5
04/15 10:59:58 [INFO] Error - Failed to modify the
necessary properties for the machine account MY-DC4$
(5)
04/15 10:59:58 [INFO] The attempted domain controller
operation has completed

04/15 10:59:58 [INFO] DsRolepSetOperationDone returned 0
_________________

.