'Lo, all.
I have a server that I cannot promote to be a domain controller. Initially
I tried to make it a root DC, for a new forest, but ran into issues, so I
have tried to add it to another forest, as an additional DC (at the root
level.)
The existing DC is new, I built it clean, creating a new forest, last week.
There was one admin acct., no policies, default security, default
permissions, no changes at all.
I then formatted the new box, and installed W2K server. (no SP's on either
server.) I joined it to the domain, using the administrator account. No
issues.
Then I ran DCPROMO, to promote it. Went through all of the questions, no
issues, until it started to actually promote it. Then I get an "access
denied" error, and it reports that I need to use an account that has the
right to create an additional domain controller. (Exactly as described in
TechNet article Q232070.) However, as indicated, I'm using the only
administrator acct. So, I created a new admin account, and explicitly gave
this account the "Delegation Privilege" right. It made no difference.
For specifics, the system in question is:
Asus P2B-S system board (Latest ROM, 1012, IIRC))
IBM 4GB UW SCSI drive (don't have the model handy) - OS
Compaq 4GB UW SCSI drive (don't have the model handy) - AD, Logs
P-II 350, 256MB RAM W2K Server
When I tried to promote this box to be a DC for a *new* forest, I get the
same "Access Denied" error, but the logs are slightly different, I can't
recall what the difference was though. There was one TechNet article that
seemed to cover the problem, and it was related to permissions on either the
sysvol folder, or the NTDS folder. I gave both folders FULL CONTROL for
everyone, that didn't matter either. (The box had just been formatted, with
a fresh install too...)
Any thoughts? Thanks,
Tyson Leslie.
------
You are subscribed as [email protected]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]
