Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Windows Server 2008 AD Domain Admins

I am setting up a staging network complete with a whole new domain. I have decided to use Server 2008. (I'll add that currently this network is run inside of a VMWare ESX environment, but that shouldn't make a difference). My problem is, when i join new 2008 servers to the domain, my domain admin account that I created does not have admin rights. It looks like it has rights with a 2003 server joined to the domain, but 2008 just will not accept domain admin privileges from AD. The only difference that I see between the 2008 and 2003 servers is that XXXDOMAIN\Domain Admins is automatically listed in the builtin administrators group on the 2003 servers, but not the 2008. If i try and add XXXDOMAIN\Domain Admins on server 2008, it says it is already a member when I apply. I assume that since DA's are implicitly local admins, they just stopped having it list the group on server 2008. Am I missing something here?  I have tried re-joining the servers to the domain, and re-adding the account to AD. Any ideas?
0
downscm
Asked:
downscm
  • 2
1 Solution
 
AmericomCommented:
I don't know the exact root cause of your issue at the moment. But just FYI, one of our domains is with Windows Server 2003 domain and when we added Windows server 2008 as member servers of the Windows Server 2003 domain, the Domain Admins group of the Windows Server 2003 domain is listed in both the Win2k3 and Win2k8 member servers' local Administrators groups.

Have you tried to use restricted group GPO to add the Domain Admins group to these Windows Server 2008 member servers and see if the Domain Admins group will show up on the local Administrators group? What I'm not too clear is that if the Domain Admin account does not have right on the Windows server 2008 machine, how could you add the Domain Admins group to the local Administrators group without access denied message but one saying it is already a member when you click on apply.
0
 
downscmAuthor Commented:
Well I added the domain admin group to the 2008 local admins using the built in local Admin account. That's why it let me do that without access denied. I have not tried using GPO's. I will look into that.  
0
 
downscmAuthor Commented:
Reinstalled DC and rebuilt domain and it is working fine now. Don't know what was wrong.
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now