LKBEN10813: You receive an error message when using DCPROMO to create a replica domain controller.
Symptom
You get one of the two error messages decribed beneath.
Cause
The promotion operation has not been assigned the "Delegation Privilege" right or the policy has not been propagated yet.
Solution
You get one of the following error messages during the creation of a Replica Domain Controller:
Message 1: Failed to modify the necessary properties for the machine account. Access is denied.
Message 2: Error - The Active Directory Installation Wizard was unable to convert the computer account <Computer Name>$ to a domain controller account. (5)
The cause of the error messages is that the promotion operation has not been assigned the "Delegation Privilege" right (only members of the Administrators group have the "Delegation Privilege" rights) or the policy has not been propagated yet.
To solve the problem you can:
If the correct rights are missing: Use an account in the Adminsitrators group or add the used account to the Administrators grou.
If the policy has not been propagated correctly: At a command prompt type "secedit /refreshpoliciy machine_policy /enforce" or open the Sites and Services snap-in and use "Replcicate now".
Disclaimer:
The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!About the Author
Author: - Keskon GmbH & Co. KG
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.