control userpasswords2 Windows 2008 hangs on adding user

Experts,

I'm in some dire need for suggestions on this issue I'm having. Background, I have 4 AD sites with 5 domain controllers (2003/2008/2008/2008R2/2008R2). I am trying to add a local administrator to the DC at each particular site (onsite IT guy) by using "control userpasswords2", then adding them to the BUILTIN administrators group. Here is the issue, on ALL of the Windows 2008/2008 R2 servers the prompt hangs after entering the group to which the new user should be added. The Windows 2003 server seems just fine. It seems that it has to do with the AD that is causing the issue, 2 of these servers are literally brand new/fresh install of 2008.

Event log gives no real information beyond application hang on netplwiz.exe.

Any ideas?
Darren KattanIT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hutnorCommented:
Have you tried adding the users & putting them in the admin group with a mmc snapin for the local machine?

0
Darren KattanIT ConsultantAuthor Commented:
It doesn't look like I can add the "Local Users and Groups" MMC for the local computer since it is a domain controller.
0
hutnorCommented:
What do you want the IT person doing at each location? Just manage the users & group at that location?

You can give a user access to an OU in AD & let them manage that.

Right click OU > Delegate control > follow the wizard & select permission as needed.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Ingram2Commented:
The built in administrator group in AD is the only local admin for the DC.
0
Darren KattanIT ConsultantAuthor Commented:
I have done the delegated control, unfortunately the admin tools for R2 are not compatible on his workstation, therefore I wanted to allow him to RDP into ONLY that server. Does that still apply if I wanted to add him to Remote Desktop Users? The wizard will still hang.
0
hutnorCommented:
get the tools that do work for his desktop & the server.

0
hutnorCommented:
If you would like him to use RDP. You will need to change the local GP to allow his user account to log on using rdp.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Darren KattanIT ConsultantAuthor Commented:
While this works, its not the answer I wanted to hear...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.