I'm trying to add Windows 2012 R2 Domain Controller to a Windows 2003 Domain.
I'm stuck with an error when I try to promote windows 2012 R2 server to a domain controller in a Windows 2003 Domain.
The operation failed because:
The Active Directory Domain Services Installation Wizard (Dcpromo.exe) was unable to convert the computer account to an Active Directory Domain Controller account.
Verify that the user running Dcpromo.exe is granted the "Enable computer and user accounts to be trusted for delegation" user right in the Default Domain Controllers Policy.
For more information, see the resolution section of http://go.microsoft.com/fwlink/?
The error was:
"Access is denied."
On both the windows windows 2003 and 2012 servers when I go to the administrator account in active directory on the delegation tab to "Trust this user for delegation to any service." I get Acccess Denied.
When I go to the 2003 server Group Policy Editor to "Enable computer and user accounts to be trusted for delegation" the Add User button is grayed out.
When I go to the 2012 server Group Policy Editor to "Enable computer and user accounts to be trusted for delegation". I was able to add the administrator accounts.
I have Schema, Enterprise and Domain admin rights.
Both Domain and Forest level are Windows 2003.
Both Server have all updates/security patches.
From what I've read you don't have to run adprep or dcpromo with window 20012 when you run the wizard.