unable to create additional domain controller

[Guest]

Hi,

I had a child domain. There was some problem with active dir some days back. I took the domain controller in restore mode, did a ntdsutil to recover and a disk clean. The ntds log file had some problem and the cluster error was corrected. After booting it again, i got the domain back. But all the group policies including the default domain policy got lost. I'm able to create new policies and it works fine, but not able to delete old policies since they are not there under the policy folder.

I'm able to add computers, users etc. I created another machine with advance server and tried to create an additional domain controller for this domain.

I got the following error.

-------------------------------------------------------------------------------------------------------------------------------------------
"The operation failed because: Failed to modify the necessary properties for the machine account machine$
"Access is denied. "

type the user name and password of an account with sufficient privileges to create an additional domain controller for the vidyarthi domain
---------------------------------------------------------------------------------------------------------------------------------------------

But the user is administrator of the domain and the machine is in this domain only. The password is right and the administrator is a member of domain admins, enterprise admins group.

I'm just in vain. Any suggestions?

-Kellogy

 

[Guest]

Can i copy only the default policy from some other domain controller and then try out. I want to get good info about resetdefpol.exe before doing that. I searched in google but count not get info. Where can i get that

----- Richard McCall [MSFT] wrote: ----

You are getting this because the admin account does not have the user righ
"Enable Users and Computer to be trusted for delegation" You have to get th
sysvol policies working. If you have policies that are no longer there
suggest using resetdefpol.exe to recreate the default domain policy for th
domain. Once this is done the dcpromo should work. What is happening is th
machine useraccountcontrol is being modified and this fail due to the lac
of user rights

--
Richard McCall [MSFT

"This posting is provided "AS IS" with no warranties, and confers n
rights.

Hi

days back. I took the domain controller in restore mode, did a ntdsutil t
recover and a disk clean. The ntds log file had some problem and the cluste
error was corrected. After booting it again, i got the domain back. But al
the group policies including the default domain policy got lost. I'm able t
create new policies and it works fine, but not able to delete old policie
since they are not there under the policy folderwith advance server and tried to create an additional domain controller fo
this domain

----------------------------------------------------------------
"The operation failed because: Failed to modify the necessar

properties for the machine account machine

"Access is denied.

to create an additional domain controller for the vidyarthi domai

------------------------------------------------------------------------- ------------------------------------------------------------------

in this domain only. The password is right and the administrator is a membe
of domain admins, enterprise admins group