Access Denied in creating Child Domain

JohnH

I am attempting to use dcpromo to create a child domain on
a new machine in my root domain.

Dcpromo fails with the message 'Access Denied' and 'don't
have sufficient rights'. However, I've used the ifmember
tool and it shows that I am Enterprise admin and Schema
admin.

I can't find other permissions that are off. I can re-add
the machine to the domain just fine (dcpromo works enough
to take the new server out of the root domain).
Is there a policy that I am missing? What could be denying
me access?

(I've checked DNS through and through as well. The new
machine has DNS for the new domain as standard primary,
secondary for the old domain. It accepts forwards from the
other DCs and they accept from it)

Here is where I fail according to dcpromoui.log:
dcpromoui t:0x870 00819 Calling DsRoleGetDcOperationResults
dcpromoui t:0x870 00820 Error 0x0 (!0 => error)
dcpromoui t:0x870 00821 Operation results:
dcpromoui t:0x870 00822 OperationStatus : 0x5 !0 => error
dcpromoui t:0x870 00823 DisplayString : (null)
dcpromoui t:0x870 00824 ServerInstalledSite : (null)
dcpromoui t:0x870 00825 OperationResultsFlags: 0x0
dcpromoui t:0x870 00826 Exit DoProgressLoop
dcpromoui t:0x870 00827 Exit DS::CreateNewDomain
dcpromoui t:0x870 00828 Exception caught
dcpromoui t:0x870 00829 catch completed
dcpromoui t:0x870 00830 handling exception
dcpromoui t:0x870 00831 Active Directory Installation Failed

I've also run dcdiag with positive results:
Testing server: Default-First-Site\BARTER
Starting test: Connectivity
.......................... BARTER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\BARTER
Starting test: Replications
.......................... BARTER passed test Replications
Starting test: NCSecDesc
.......................... BARTER passed test NCSecDesc
Starting test: NetLogons
.......................... BARTER passed test NetLogons
Starting test: Advertising
.......................... BARTER passed test Advertising
Starting test: KnowsOfRoleHolders
.......................... BARTER passed test KnowsOfRoleHolders
Starting test: RidManager
.......................... BARTER passed test RidManager
Starting test: MachineAccount
.......................... BARTER passed test MachineAccount
Starting test: Services
.......................... BARTER passed test Services
Starting test: ObjectsReplicated
.......................... BARTER passed test ObjectsReplicated
Starting test: frssysvol
.......................... BARTER passed test frssysvol
Starting test: kccevent
.......................... BARTER passed test kccevent
Starting test: systemlog
.......................... BARTER passed test systemlog
Running enterprise tests on : comcon.local
Starting test: Intersite
.......................... comcon.local passed test Intersite
Starting test: FsmoCheck
.......................... comcon.local passed test FsmoCheck
 
milt

I ran into this one time. I always use the Administrator
account for this task. If the Administrator password is
not the same on both machines/domains you will get this
error. It seems, if memory serves correctly, that the
admin password on the parent domain was different than the
one on the child domain. Not sure if this helps.
Hopefully, it will. milt
 
