Problems adding additional DC

[sean]

I am trying to add anoth DC onto our network. (The server
has existed within the domain as a regular server).
Currently running win2000 sp4 running iis (intranet site)
and RAS. If I try to intall AD I get the following
error "The operation failed because: Failed to modify the
necessary properties for the machine account servername$.
Access is denied." A message lower down on the window
states: "Type the user name and password of an account
with sufficient privileges to create an additional domain
controller for the mydomain.com domain" I have used the
administrator account and my own, and still get the same
error. HELP PLEASE

 

[Shawni Jernigan \(MSFT\)]

- Verify that the current domain controllers in the domain have applied
security policy and the "Enable computer and users accounts to be trusted
for delegation" user right is granted to the Administrators Group in the
domain controllers policy

1. In the "Active Directory Users and Computers" snap-in, edit the
Default Domain Controllers Policy on the Domain Controllers
Organizational Unit.

2. Double-click Computer Configuration, then Windows Settings, then
Security Settings, then, Local Policies, and then User Rights
Assignment.

3. Under "Enable Computer and User Accounts to be trusted for
Delegation", add the appropriate account or group.

4. Apply the policy using one of the following methods:


- At a command prompt, type "secedit
/refreshpolicy machine_policy /enforce" (without the quotation
marks).

- In the the "Sites and Services" snap-in
(Dssite.msc), use the Replicate Now feature to force replication
from the domain controller on which
the policy was changed to the other domain controllers in the
domain.

To apply the updated policy, restart the domain controller.

 

[Sean]

Shawni
Thank you. (All hail the king!! he he) It worked like a
charm. It was not necessary to restart the DC. Once again
many thanks