DCPromo Failure

  • Thread starter Thread starter Dave
  • Start date Start date
D

Dave

Hi all,
Hope someone can help with this one as have exhausted my
resources. Have a Win2000 domain with 4 servers all
Active directory and 3 of the 4 are DC's. The fourth one
is the problem. I have been trying to dcpromo it and
received the 'Failed to modify the necessary properties
for the machine account $computername%$ "Access denied"
I have found the knowledge base article 250874 which
describes the problem to the tee but haven't had any luck
on following the instructions. I have edited my default
domain policy and added the 'admins, domain admins and
the administrators of the domain and I still receive the
same error. I have all the machines on service pack 4
also. Anyone with any idea's for me or whom have had the
same issue. I sure would appreciate some advice.

Thank you.
Dave
 
That article basically states that the source domain controller, the one
from which this problem DC is obtaining its Active Directory information,
needs to be checked to ensure that it is successfully applying the Default
Domain Controller Security Policy and that the policy includes
Administrators in the setting "Enable computer and user accounts to be
trusted for delegation". If that machine is experiencing a problem then
this machine will not be able to complete its process. The article
indicates that if the source DC (and any other dc) is problematic, you need
to turn off its Netlogon service so that the problem DC will look for
another source from which to grab its AD information.

You can determine which machine this problem domain controller sourced from
by looking through the dcpromo.log file in the winnt\debug folder. Read
through that file and it will tell you which of the other 3 domain
controllers this machine connected to for the promotion process, then check
that machine to ensure it is in the Domain Controllers OU in AD Users and
Computers and that it is getting a 1704 event in its application log
indicating that group policy applied successfully.

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top