Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Add Windows 2012 R2 Domain Controller to a Windows 2003 Domain


  • Please log in to reply
7 replies to this topic

#1 dontdudeme

dontdudeme

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 11 May 2016 - 04:52 PM

I'm trying to add Windows 2012 R2 Domain Controller to a Windows 2003 Domain.

I'm stuck with an error when I try to promote windows 2012 R2 server to a domain controller in a Windows 2003 Domain.

The operation failed because:

The Active Directory Domain Services Installation Wizard (Dcpromo.exe) was unable to convert the computer account to an Active Directory Domain Controller account.

Verify that the user running Dcpromo.exe is granted the "Enable computer and user accounts to be trusted for delegation" user right in the Default Domain Controllers Policy.

For more information, see the resolution section of http://go.microsoft.com/fwlink/?

The error was:

"Access is denied."

On both the windows windows 2003 and 2012 servers when I go to the administrator account in active directory on the delegation tab to "Trust this user for delegation to any service."  I get Acccess Denied.

When I go to the 2003 server Group Policy Editor to "Enable computer and user accounts to be trusted for delegation" the Add User button is grayed out.

When I go to the 2012 server Group Policy Editor to "Enable computer and user accounts to be trusted for delegation".  I was able to add the administrator accounts.

I have Schema, Enterprise and Domain admin rights.

Both Domain and Forest level are Windows 2003.

Both Server have all updates/security patches.

From what I've read you don't have to run adprep or dcpromo with window 20012 when you run the wizard.



BC AdBot (Login to Remove)

 


#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 12 May 2016 - 12:16 PM

2012 pointing to the 2003 dns server?

 

Here is a step by step guide

https://blogs.technet.microsoft.com/canitpro/2013/05/05/step-by-step-adding-a-windows-server-2012-domain-controller-to-an-existing-windows-server-2003-network/



#3 dontdudeme

dontdudeme
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 13 May 2016 - 01:13 AM

@Wand3r3r

Those were the steps I followed that got me to the error I'm having now.



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 13 May 2016 - 11:30 AM

and my first question?  at what step in the guide do you get the error?

you sure the 2003 server isn't in 2000 mode?


Edited by Wand3r3r, 13 May 2016 - 11:31 AM.


#5 dontdudeme

dontdudeme
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 13 May 2016 - 11:48 AM

@Wand3r3r

Yes.  Pointing to the 2003 dns server.

2003 server is at 2003 domain and forest level.

When I promote the 2012 server to a domain controller I get the error after it checks all the prerequisites and you click install.  After I click install I get the failed error I listed in the original post.



#6 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:54 AM

Posted 15 May 2016 - 10:23 AM

Are any DCs in your domain/forest running Windows 2008 and/or 2008 R2, or are they all 2003 servers? Have you run forestprep and domainprep from the 2012 installation media on a 2003 DC?

 

I know Wand3r3r, already asked, but is the server you are trying to promote already added to the domain as a Computer, and is the DNS entry for the server pointing to the 2003 DC?



#7 dontdudeme

dontdudeme
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 22 May 2016 - 11:59 PM

Finally was able to promote the server to a domain controller as follows!:

 

On the window 2003 server I Open Group Policy Management.  Drilled down Domains, Domain Controllers, then to Default Domain Controller Policy.

Right Clicked Edited Domain Controller Policy.

 

Then went to:  Computer Configuration, Policies, Windows settings,Security Settings, Local Policies, User Right Assignment.

 

Then went to: Enable computer and user accounts to be trusted for delegation and Added Administrator, and Administrators.

 

Then did a gpupdate /force from the command prompt.

 

Then was able to finish promoting the server to a domain controller successfully via the windows 2012 wizard!



#8 m_sabbir

m_sabbir

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:54 PM

Posted 23 May 2016 - 01:24 AM

CONGRATULATIONS BROTHER.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users