Either you have an incorrectly configured user right in the Default Domain
Controllers Policy or the policy isn't applying at all.
Check the user right under:
Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment\Enable Computer and User accounts to be
trusted for delegation
This right should be granted to the Administrators group.
If it is incorrectly configured fix it and run secedit /refreshpolicy
machine_policy /enforce on your 2000 DC. If it is correctly configured look
in the Application event log for any errors or warnings from SceCli or
Userenv that might shed some light on why the GPO isn't applying.
--
Brian Delaney, MCSE
"" wrote:
> When you run Dcpromo.exe to create a replica domain controller, you
> receive the "Failed to modify the necessary properties for the machine
> account. Access is denied...
>
> This is the message i receive when i try to add a windows 2003 R2 active
> directory in a windwos 2000 domain...
> I correctly run adprep option from the 2nd cd of windows 2003....
>
|
Similar Threads
Linear Mode
