Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Windows 2008 R2: AD, no local Admin rights

Posted on 2012-08-11
7
Medium Priority
?
1,327 Views
Last Modified: 2012-08-17
Hi,

I have two Windows Server 200 R2 in my Hyper-V Test environment. One has the role of a Domain Controller and the other is a normal server. In the AD I've created a User and added him to the Domain Admins. I've joined the other Server to the Domain and added my AD User to the local Admin Group but when I login with my AD user I have no Admin rights.
I have no Idea why. Maybe the problem has something to do with the User Access Control Policy on the DC? I have no Idea what else I can try to make my AD User having Admin rights on the Server (by the way, when I login with my AD User on the DC everything works fine: I have Admin rights on the DC, but not on the other server).
I would be happy for some suggestions what I can try to make this work.
0
Comment
Question by:mr-kenny
  • 4
  • 3
7 Comments
 
LVL 6

Expert Comment

by:penguinjas
ID: 38284470
Adding the user to local admin group on the second server you added to the domain is redundant since the user is in the domain admins group which is added to the local admin group when you add the server to the domain.

What are you attempting to do on the second server?  Can you logon?  Do you have UAC enabled on the second server?
0
 
LVL 1

Author Comment

by:mr-kenny
ID: 38284722
I can logon on the second server but if I try to open Computer Management for example windows tells me "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item. I can't disable UAC for the Domain User under "User Accounts", "Change User Account Control Settings" because I can't access it.
0
 
LVL 6

Expert Comment

by:penguinjas
ID: 38284778
Can you logon as the domain administrator account on the second server?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:mr-kenny
ID: 38285272
yes I can logon
0
 
LVL 6

Accepted Solution

by:
penguinjas earned 1500 total points
ID: 38285506
Try removing the second server from the domain and joining it again and then logon as the AD user you created that is in the domain administrators group.
0
 
LVL 1

Author Comment

by:mr-kenny
ID: 38285552
when I do a "whoami /groups" I see "BUILTIN\Administrators   Group used for deny only".
If I disable or enable the Goup Policy on the DC it works sometimes and sometimes not. Also if I change something on the UAC Policy, it works sometime but I can't tell why.
0
 
LVL 1

Author Closing Comment

by:mr-kenny
ID: 38303991
This worked, thanks. I guess the reason why this not worked the first time I've joined to the Domain, was the duplicate SID I had because of the VHD copies.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question