If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Solved
Windows Server 2008 AD Domain Admins
Posted on 2009-04-03
I am setting up a staging network complete with a whole new domain. I have decided to use Server 2008. (I'll add that currently this network is run inside of a VMWare ESX environment, but that shouldn't make a difference). My problem is, when i join new 2008 servers to the domain, my domain admin account that I created does not have admin rights. It looks like it has rights with a 2003 server joined to the domain, but 2008 just will not accept domain admin privileges from AD. The only difference that I see between the 2008 and 2003 servers is that XXXDOMAIN\Domain Admins is automatically listed in the builtin administrators group on the 2003 servers, but not the 2008. If i try and add XXXDOMAIN\Domain Admins on server 2008, it says it is already a member when I apply. I assume that since DA's are implicitly local admins, they just stopped having it list the group on server 2008. Am I missing something here? I have tried re-joining the servers to the domain, and re-adding the account to AD. Any ideas?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
3 Comments
I don't know the exact root cause of your issue at the moment. But just FYI, one of our domains is with Windows Server 2003 domain and when we added Windows server 2008 as member servers of the Windows Server 2003 domain, the Domain Admins group of the Windows Server 2003 domain is listed in both the Win2k3 and Win2k8 member servers' local Administrators groups.
Have you tried to use restricted group GPO to add the Domain Admins group to these Windows Server 2008 member servers and see if the Domain Admins group will show up on the local Administrators group? What I'm not too clear is that if the Domain Admin account does not have right on the Windows server 2008 machine, how could you add the Domain Admins group to the local Administrators group without access denied message but one saying it is already a member when you click on apply.
Have you tried to use restricted group GPO to add the Domain Admins group to these Windows Server 2008 member servers and see if the Domain Admins group will show up on the local Administrators group? What I'm not too clear is that if the Domain Admin account does not have right on the Windows server 2008 machine, how could you add the Domain Admins group to the local Administrators group without access denied message but one saying it is already a member when you click on apply.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units?
This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month7 days, 14 hours left to enroll
715 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.