Windows Server 2008 AD Domain Admins

I am setting up a staging network complete with a whole new domain. I have decided to use Server 2008. (I'll add that currently this network is run inside of a VMWare ESX environment, but that shouldn't make a difference). My problem is, when i join new 2008 servers to the domain, my domain admin account that I created does not have admin rights. It looks like it has rights with a 2003 server joined to the domain, but 2008 just will not accept domain admin privileges from AD. The only difference that I see between the 2008 and 2003 servers is that XXXDOMAIN\Domain Admins is automatically listed in the builtin administrators group on the 2003 servers, but not the 2008. If i try and add XXXDOMAIN\Domain Admins on server 2008, it says it is already a member when I apply. I assume that since DA's are implicitly local admins, they just stopped having it list the group on server 2008. Am I missing something here?  I have tried re-joining the servers to the domain, and re-adding the account to AD. Any ideas?
downscmAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
downscmConnect With a Mentor Author Commented:
Reinstalled DC and rebuilt domain and it is working fine now. Don't know what was wrong.
0
 
AmericomCommented:
I don't know the exact root cause of your issue at the moment. But just FYI, one of our domains is with Windows Server 2003 domain and when we added Windows server 2008 as member servers of the Windows Server 2003 domain, the Domain Admins group of the Windows Server 2003 domain is listed in both the Win2k3 and Win2k8 member servers' local Administrators groups.

Have you tried to use restricted group GPO to add the Domain Admins group to these Windows Server 2008 member servers and see if the Domain Admins group will show up on the local Administrators group? What I'm not too clear is that if the Domain Admin account does not have right on the Windows server 2008 machine, how could you add the Domain Admins group to the local Administrators group without access denied message but one saying it is already a member when you click on apply.
0
 
downscmAuthor Commented:
Well I added the domain admin group to the 2008 local admins using the built in local Admin account. That's why it let me do that without access denied. I have not tried using GPO's. I will look into that.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.