Failed to Add a DC? Special problem

N

Nwtest

I'm still trying to fix this problem when I run DCpromo in
my DC. I have this message

Failed to modify the properties of the computer account
mydc$ "Access denied."

I have a child domain model. Do I need an enterprise admin
rights to add DC if I want to add a DC in my child domain?

I have done almost all like the following but no luck!!!

-> I tried the following workarounds but no lucks after
performing these KBID from MS
http://support.microsoft.com/?kbid=232070 and
http://support.microsoft.com/?kbid=250874
-> Rename the prospect DC to a new name, rejoin to domain,
create a new account with admin rights etc and run DCpromo
same problem!
-> I tried to build a new server put it in a different DS
site which has two DCs that are working with all know
patches from MS same problem.
->I created a new account admin account and grant a user
rights "Enable this account to be trusted for delegation"
same.
-> I ensure that all my GPOs are replicating, our local
dns is fine but no luck still
- I run DCdiag run all those test, check health of my AD,
DNS, FSMO holders no luck

NOW where is the solution?

Please assist..
Running out of patience it has been two weeks
now!!!!!!!!!!!!!!!!!!!
 
A

Aimme Lirette MSFT

Yes, you do need to be an enterprise admin to add a new DC to a child
domain.

When adding a DC there are changes made to site that the child domain admin
does not have permissions to.

Aimme
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot add a DC, Access Denied 1
Failed to query SPN registration on DC 1
Access Denied when trying to run DCpromo 1
Cannot a DC, HOPELESS Case 6
AD2008 Root privileges required to promote child DC? 3
remove the last/only DC in a Child domain 2
Cannot Demote DC 1
isolated DC fails to work 5

Top