Link to home
Start Free TrialLog in
Avatar of dpsys
dpsys

asked on

Domain Admins not automatically added to the Builtin Admins group on member servers

I have a three-node test network that has one AD server and two other servers (all installed with Windows Server 2008 Enterprise Edition). My problem is that when the non-AD servers are added to the domain the Domain Admins group is not automatically added to the Builtin Administrators group on the new member servers.  I could be wrong, but I was under the impression that any time a computer is added to a domain that the new member computer would automatically have the Domain Admins group added to the Builtin Administrators group.
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Yes they should be added to the admin group on member servers and workstations.  Do you have any sort of restricted group group policy that sets the membership on the servers?
Thanks
Mike
Avatar of dpsys
dpsys

ASKER

I don't think so because the servers are all installed using a template which I created from scratch with a Server 2008 Ent ISO.
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of dpsys

ASKER

I'm already on it, but at this rate (meetings, etc.) it may take until Monday to get it done. I will post the results as soon as I can. Thanks for the comments.
Use RSOP.msc and verify if there's any GPO configuring restricted groups.
Avatar of dpsys

ASKER

The problem was with the VM Template. It looks like the DC and the two member servers had all the same SIDs due to using the same template for all three VMs. When I added a new machine (not from a template) to the domain, it worked fine. I just recreated the template using a sysprep file and it's working fine now. Thanks for the input guys.
Nice work creating the new template.
Thanks
Mike