dcpromo fails

[Stephen]

I am trying to run dcpromo to create a 2nd domain
controller but it always fails stating
"The operation failed because: Failed to modify the
necessary properties for the machine account <machinename>
Access is denied"

I am using the domain administrator account, and I only
have one domain, and I use this account to add
workstations to the domain all the time?

problem sound familiar to anyone?

 

[angryblack]

You are using the incorrect admin account. When you seup
the first domain there were a series of account that you
created. The only way this will work is if the admin
account is also the enterprise admin account. The
regular admin account that you use every day will not
work.

 

[Stephen]

The Administrator account I am using is in the Enterprise
Admins group? Is that not the real requirement?

 

[Shawn Rabourn \(MS\)]

Chances are that the other DC does not have the "Access this Computer from
the Network" user right or the "Enable computer and user accounts to be
trusted for delegation" user right on the Default Domain Controllers
Policy(right click DC's OU, properties, GP tab, DDCPolicy, edit, Comp
Config, Win Settings, Sec Settings, Local Pols, User Rights Assmt). Add
Auth Users and ENT DC's to the first (Access...) and ENT DC's to the second
(Enable...). Run secedit or gpupdate to force policy or wait 5 minutes.

--Shawn
This posting is provided "AS IS" with no warranties and confers no rights.