We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
2 days, 11 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows Server 2008 AD Domain Admins
Posted on 2009-04-03
I am setting up a staging network complete with a whole new domain. I have decided to use Server 2008. (I'll add that currently this network is run inside of a VMWare ESX environment, but that shouldn't make a difference). My problem is, when i join new 2008 servers to the domain, my domain admin account that I created does not have admin rights. It looks like it has rights with a 2003 server joined to the domain, but 2008 just will not accept domain admin privileges from AD. The only difference that I see between the 2008 and 2003 servers is that XXXDOMAIN\Domain Admins is automatically listed in the builtin administrators group on the 2003 servers, but not the 2008. If i try and add XXXDOMAIN\Domain Admins on server 2008, it says it is already a member when I apply. I assume that since DA's are implicitly local admins, they just stopped having it list the group on server 2008. Am I missing something here? I have tried re-joining the servers to the domain, and re-adding the account to AD. Any ideas?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
3 Comments
I don't know the exact root cause of your issue at the moment. But just FYI, one of our domains is with Windows Server 2003 domain and when we added Windows server 2008 as member servers of the Windows Server 2003 domain, the Domain Admins group of the Windows Server 2003 domain is listed in both the Win2k3 and Win2k8 member servers' local Administrators groups.
Have you tried to use restricted group GPO to add the Domain Admins group to these Windows Server 2008 member servers and see if the Domain Admins group will show up on the local Administrators group? What I'm not too clear is that if the Domain Admin account does not have right on the Windows server 2008 machine, how could you add the Domain Admins group to the local Administrators group without access denied message but one saying it is already a member when you click on apply.
Have you tried to use restricted group GPO to add the Domain Admins group to these Windows Server 2008 member servers and see if the Domain Admins group will show up on the local Administrators group? What I'm not too clear is that if the Domain Admin account does not have right on the Windows server 2008 machine, how could you add the Domain Admins group to the local Administrators group without access denied message but one saying it is already a member when you click on apply.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Looking for a way to block an executable on one Terminal Server for all users | 6 | 42 | |
| user Log on times in AD | 5 | 41 | |
| Group policy and test domains | 2 | 37 | |
| [Window server 2008 SP1 build 7601 x64] The update is not applicable to your computer | 11 | 66 |
Background Information
Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed.
Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month2 days, 11 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.