Windows 2003 Server - Domain Admins don't have Admin Rights on W2K3 servers

We have recently added 2 Windows 2003 servers to a domain.  The other machines on the domain and the DNS server are Windows 2000 systems with the latest service packs.  I verfied that the W2K3 systems are defined to the DNS active directory (again, the DNS server is a Windows 2000 server).  I can log on to the Windows 2003 systems as a Domain Administrator, but I seem to have limited administrative rights.  For example, I was able to install SQL Server 2000, but I can't define other network users to the Windows 2003 systems (i.e., when attempting to add domain users to the system, the Windows 2003 servers are only allowing me to access local user accounts, even thought I'm logged in as a Domain Administrator.  Is there some incompatability issue with Windows 2003 servers running in a domain controlled by a Windows 2000 server?  Is there something I need to set in the security or local policies on the 2003 systems?  I appreciate any suggestions you might have.
Who is Participating?
Netman66Connect With a Mentor Commented:
Have you added the new servers as member servers?

If so, you need to take a look at the local Administrators group on the servers to make sure the Domain Admins group is a member.

If it is, then there might be policies at work in the domain for Restricted Groups that is "undoing" the group nesting.

Create a new OU in your AD called Member Servers.  Move the member servers into this OU.  Right click the OU and select Properties, then Group Policy tab, then check the box at the bottom for Block Policy Inheritance.

Let us know if your Domain Admin Account feels better now.
are the win2003 servers Domain Controllers?

expresivqaAuthor Commented:
Hi tonyteri,
Thanks for your response.  No, neither of the Windows 2003 servers are domain controllers.  The domain controller is a Windows 2000 server.  Of the Windows 2003 servers, one is running Windows 2003 'Standard' edition and is being used as a database server.  The other 2003 system is running Windows 2003 'Web Edition' and is being used as a Web application server.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Hi tonyteri
Please check the dialog log you are using to add users, it should have and entry (The second one from top) called "From This Location:", just make sure that you have the domain name in there, if not then press the button "Locations" and choose your domain from the popup windows, then press ok.
hope this might help.

I ment the Dialog Box,  Sorry :)
expresivqaAuthor Commented:
Thanks folks.  I really appreciate the comments.  I know that I'm showing my very novice level of networking computers here, but:
1.  Netman66, what do your acronyms 'OU' and 'AD' mean?
2.  CapFaris - On the 2003 servers, when I click the 'Locations' button, it is only giving me the machine's domain; not the network domain, even though I'm logged into the machine as a Domain Administrator.
OU=Organizational Unit
AD= Active Directory

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.