Problems adding a DC to Active Directory!!

[Eddiefdz]

After about one month of fighting with this i still have a problem adding a 2000 Server, member server to my active direcotry domain. I currently have only one server running active directory. I now want to attach this second server to the active directory. I run dcpromo and i enter all the information etc. Once the computer begins to transfer the active directory info, i get a message telling me that "Access is denied when trying to add this server to the active directory" it says please use a username with the correct administrative privileges to add a computer to the domain. Now, the username and pass that i am using is the administrator account. I made sure the the admin account is an enterprize admin as well as this account has complete access to all folders etc. I see no reason why this should happen. I also checked my DNS's i have this server in the forward and reverse lookup zones with the correct ip addresses. There is communication between the two servers, i could ping back and forth and the name resolution is also there. I have checked the hosts files and the servers ip address is also there. I have checked the ms knowledge base and i have tried a bunch of different fixes and i still cannot find what the problem seems to be.
I NEED HELP!!!! THANKS..
Eddie Fernandez
CCNA, Network+, A+, MCP

 

[CoolClark]

Have you enabled computer and users accounts to be trusted for delegation? Check out this article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q250874&

 

[Eddiefdz]

Yes i have already checked that... Thanks, Eddie Fernandez
CCNA, Network+, A+, MCP

 

[CoolClark]

I had the same problem demoting a DC. It turned out to be the DC wasn't in the Domain Controller group. Now I don't think this is the problem you are having but it might be related to the computer being denied acces rather then you as the Admin.

 

[Eddiefdz]

Well no, this computer is not in the domain controller group. Its just a member server which i want to add to the AD. I guess your problems was different because the server was already in the DC group. Can you think of anything else.

Thanks, Eddie Fernandez
CCNA, Network+, A+, MCP

 

[CoolClark]

What I'm trying to say is check the security/permissions of the server. I was receiving the error because the DC had the wrong permissions not the ADMIN user.

 

[GlenJohnson]

Also check and see if browsing is turned off on the new server. It may think another machine is the master browser. I had this problem with w2k pro machines. They thought other pro machines were the master browser. Once it's a dc, you can turn browsing back on. (This of course is a shot in the dark, but any info helps. Right?) Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.

 

[Blutch]

Only thing I can think about is the rights on your Sysvol share. Are they OK?

Blutch

 

[buddafish]

microsoft says you have to use an account in the Domain Administrators group to add a dc to a pre-existing domain.

 

[tlcscousin]

Try logging on to the member server itself not to the domain (logon locally)as the administrator and run dcpromo from the local machine.When prompted then use the domain administrator account.