Run whoami /all to verify that the "Enable computer and user accounts to be trusted for delegation" user right exists in the users security token.īy default, this right is granted to members of the Administrators security group in the target domain. Verify that the user account does the DCPROMO operation has been granted the "Enable computer and user accounts to be trusted for delegation" user right in the default domain controllers policy. If this checkbox is clicked, this can't happen. In the process of elevation to Domain Controller, the computer account for the server is deleted, and re-added as a Domain Controller. In the first section, right under the operating system information, make sure the Protect from accidental deletion checkbox is unchecked. To do this, go to the Active Directory Administrative Center, find your server under the Computers listing within your domain, open the properties. Verify that the server account is not protected from accidental deletion. If the default domain controllers policy exists in Active Directory on some domain controllers but not others, evaluate whether that inconsistency is due simple replication latency or a replication failure. Don't manually recreate the policy with the same name and settings as the default. If the policy has been deleted, contact Microsoft Support to recreate the missing policy with the default policy GUID (Globally Unique Identifier). If the domain controller policy doesn't exist, evaluate whether that condition is because of simple replication latency, an Active Directory replication failure or whether the policy has been deleted from Active Directory. Verify that the default domain controllers policy exists in Active Directory. The user account used to execute DCPROMO hasn't been granted the "Enable computer and user accounts to be trusted for delegation" user right.
The operation failed because: Active Directory Domain Services could not configure the computer account $ to the remote Active Directory Domain Controller account. "Access is denied"ĭCPROMO Demotion can fail with the same error: The operation failed because: The Active Directory Domain Services Installation Wizard was unable to convert the computer account $ to an Active Directory Domain Controller account.
#ERROR OCCURS AND MICROSOFT STUDENT DISCOUNT WINDOWS#
This article provides a solution to an Access is denied error that occurs with DCPROMO (Domain Controller Promoter).Īpplies to: Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 Original KB number: 2002413 SymptomsĭCPROMO promotion of a Windows Server 2008 or later version member computer to a replica domain controller (DC) fails with the following error:
0 kommentar(er)
