I'm running out of idea on this issue can somebody
assist.I'm kinda of Stuck on this problem now!


I'm trying to add a DC in my AD child domain setup. I have
already 3 DCs and all working fine. When I promote and run
DCpromo in a member server I got this error
"The Operation Failed: Failed to modify the necessary
properties for the machine account my.computer$
Access Denied."

I tried all work arounds like:
- rename server put it in Workgroup run DCpromo again
same!
- Ensure that my DNS and Zone copy is installed in the
server to be promoted
- Check all TCP/IP settings connectivity, comunications
channel etc no luck!
-Verify Default Domain controllers Policy and ensure
Administrators are in access to this computer; Esnure
Admins are member of Enable trusted this computer for
delegation(according to Microsoft), Ensures all
replicated NO LUCK Still.

Can somebody provide an Idea to fix this problem.
thanks

http://support.microsoft.com/?kbid=232070 and
http://support.microsoft.com/?kbid=250874

always do the trick

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
matjaz@ladava.com, matjazl@mvps.org



"nwtest" wrote in message
news:175f401c418c5$db9cd950$a501280a@phx.gbl...
>
> I'm running out of idea on this issue can somebody
> assist.I'm kinda of Stuck on this problem now!
>
>
> I'm trying to add a DC in my AD child domain setup. I have
> already 3 DCs and all working fine. When I promote and run
> DCpromo in a member server I got this error
> "The Operation Failed: Failed to modify the necessary
> properties for the machine account my.computer$
> Access Denied."
>
> I tried all work arounds like:
> - rename server put it in Workgroup run DCpromo again
> same!
> - Ensure that my DNS and Zone copy is installed in the
> server to be promoted
> - Check all TCP/IP settings connectivity, comunications
> channel etc no luck!
> -Verify Default Domain controllers Policy and ensure
> Administrators are in access to this computer; Esnure
> Admins are member of Enable trusted this computer for
> delegation(according to Microsoft), Ensures all
> replicated NO LUCK Still.
>
> Can somebody provide an Idea to fix this problem.
> thanks
>

I tried your feedback but no luck.Can at least abybody
give me another workaround.

Do I need an Enterprise admins to add a DC i'm on a child
domain model.


>-----Original Message-----
>http://support.microsoft.com/?kbid=232070 and
>http://support.microsoft.com/?kbid=250874
>
>always do the trick
>
>--
>
>Regards
>
>Matjaz Ladava, MCSA, MCSE, MCT, MVP
>Microsoft MVP Windows Server - Active Directory
>matjaz@ladava.com, matjazl@mvps.org
>
>
>
>"nwtest" wrote in
message
>news:175f401c418c5$db9cd950$a501280a@phx.gbl...
>>
>> I'm running out of idea on this issue can somebody
>> assist.I'm kinda of Stuck on this problem now!
>>
>>
>> I'm trying to add a DC in my AD child domain setup. I
have
>> already 3 DCs and all working fine. When I promote and
run
>> DCpromo in a member server I got this error
>> "The Operation Failed: Failed to modify the necessary
>> properties for the machine account my.computer$
>> Access Denied."
>>
>> I tried all work arounds like:
>> - rename server put it in Workgroup run DCpromo again
>> same!
>> - Ensure that my DNS and Zone copy is installed in the
>> server to be promoted
>> - Check all TCP/IP settings connectivity, comunications
>> channel etc no luck!
>> -Verify Default Domain controllers Policy and ensure
>> Administrators are in access to this computer; Esnure
>> Admins are member of Enable trusted this computer for
>> delegation(according to Microsoft), Ensures all
>> replicated NO LUCK Still.
>>
>> Can somebody provide an Idea to fix this problem.
>> thanks
>>
>
>
>.
>

Yes you need to be EA to add DC in ad as there are some object writtn to
configuration section of AD that needs EA permissions for this to be
possible.

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
matjaz@ladava.com, matjazl@mvps.org



"Nwtest" wrote in message
news:187e301c41aeb$94822390$a101280a@phx.gbl...
>
> I tried your feedback but no luck.Can at least abybody
> give me another workaround.
>
> Do I need an Enterprise admins to add a DC i'm on a child
> domain model.
>
>
>>-----Original Message-----
>>http://support.microsoft.com/?kbid=232070 and
>>http://support.microsoft.com/?kbid=250874
>>
>>always do the trick
>>
>>--
>>
>>Regards
>>
>>Matjaz Ladava, MCSA, MCSE, MCT, MVP
>>Microsoft MVP Windows Server - Active Directory
>>matjaz@ladava.com, matjazl@mvps.org
>>
>>
>>
>>"nwtest" wrote in
> message
>>news:175f401c418c5$db9cd950$a501280a@phx.gbl...
>>>
>>> I'm running out of idea on this issue can somebody
>>> assist.I'm kinda of Stuck on this problem now!
>>>
>>>
>>> I'm trying to add a DC in my AD child domain setup. I
> have
>>> already 3 DCs and all working fine. When I promote and
> run
>>> DCpromo in a member server I got this error
>>> "The Operation Failed: Failed to modify the necessary
>>> properties for the machine account my.computer$
>>> Access Denied."
>>>
>>> I tried all work arounds like:
>>> - rename server put it in Workgroup run DCpromo again
>>> same!
>>> - Ensure that my DNS and Zone copy is installed in the
>>> server to be promoted
>>> - Check all TCP/IP settings connectivity, comunications
>>> channel etc no luck!
>>> -Verify Default Domain controllers Policy and ensure
>>> Administrators are in access to this computer; Esnure
>>> Admins are member of Enable trusted this computer for
>>> delegation(according to Microsoft), Ensures all
>>> replicated NO LUCK Still.
>>>
>>> Can somebody provide an Idea to fix this problem.
>>> thanks
>>>
>>
>>
>>.
>>