General discussion

Locked

Problem in creating addtional DC

By hamatt77 ·
Hi all,

I am trying to create an addtional Domain Controller using Windows 2000 server, but it give me a problem "Failed to modify the necessary properties for the machine account (Access is denied)" and notice that I have create addtional DC pefore without this problem is comaing

thanks

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Parbo In reply to Problem in creating addti ...

Follow this link and try their solution:
Remove spaces if necessary.
http://www.jsiinc.com/SUBG/TIP3000/rh3034.htm

Here's another possible fix
Verify that the default Ntds.dit file permissions in the System32 folder are:

System32\Ntds.dit
BUILTIN\Users: Read [RX]
BUILTIN\Power Users: Read [RX]
BUILTIN\Administrators: Full Control [ALL]
NT AUTHORITY\SYSTEM: Full Control [ALL]
Everyone: Read [RX]


Set the Delegation Privilege on the Group Policy Object

In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.
Double-click Computer Configuration, then Windows Settings, then Security Settings, then, Local Policies, and then User Rights Assignment.
Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
Apply the policy using one of the following methods:
At a command prompt, type secedit /refreshpolicy machine_policy /enforce.
In the the Sites and Services snap-in (Dssite.msc), use the Replicate Now feature to force replication from the domain controller on which the policy was changed to the other domain controllers in the domain.

To apply the updated policy, restart the domain controller.

We had the same problem, we also added Administrator to the Access this computer from the Network Group Policy Object.


Good luck

Back to Windows Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums