General discussion


Problem in creating addtional DC

By hamatt77 ·
Hi all,

I am trying to create an addtional Domain Controller using Windows 2000 server, but it give me a problem "Failed to modify the necessary properties for the machine account (Access is denied)" and notice that I have create addtional DC pefore without this problem is comaing


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by Parbo In reply to Problem in creating addti ...

Follow this link and try their solution:
Remove spaces if necessary.

Here's another possible fix
Verify that the default Ntds.dit file permissions in the System32 folder are:

BUILTIN\Users: Read [RX]
BUILTIN\Power Users: Read [RX]
BUILTIN\Administrators: Full Control [ALL]
Everyone: Read [RX]

Set the Delegation Privilege on the Group Policy Object

In the Active Directory Users and Computers snap-in, edit the Default Domain Controllers Policy on the Domain Controllers Organizational Unit.
Double-click Computer Configuration, then Windows Settings, then Security Settings, then, Local Policies, and then User Rights Assignment.
Under Enable Computer and User Accounts to be trusted for Delegation, add the appropriate account or group.
Apply the policy using one of the following methods:
At a command prompt, type secedit /refreshpolicy machine_policy /enforce.
In the the Sites and Services snap-in (Dssite.msc), use the Replicate Now feature to force replication from the domain controller on which the policy was changed to the other domain controllers in the domain.

To apply the updated policy, restart the domain controller.

We had the same problem, we also added Administrator to the Access this computer from the Network Group Policy Object.

Good luck

Related Discussions

Related Forums