• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1329
  • Last Modified:

Windows 2008 R2: AD, no local Admin rights

Hi,

I have two Windows Server 200 R2 in my Hyper-V Test environment. One has the role of a Domain Controller and the other is a normal server. In the AD I've created a User and added him to the Domain Admins. I've joined the other Server to the Domain and added my AD User to the local Admin Group but when I login with my AD user I have no Admin rights.
I have no Idea why. Maybe the problem has something to do with the User Access Control Policy on the DC? I have no Idea what else I can try to make my AD User having Admin rights on the Server (by the way, when I login with my AD User on the DC everything works fine: I have Admin rights on the DC, but not on the other server).
I would be happy for some suggestions what I can try to make this work.
0
mr-kenny
Asked:
mr-kenny
  • 4
  • 3
1 Solution
 
penguinjasCommented:
Adding the user to local admin group on the second server you added to the domain is redundant since the user is in the domain admins group which is added to the local admin group when you add the server to the domain.

What are you attempting to do on the second server?  Can you logon?  Do you have UAC enabled on the second server?
0
 
mr-kennyAuthor Commented:
I can logon on the second server but if I try to open Computer Management for example windows tells me "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item. I can't disable UAC for the Domain User under "User Accounts", "Change User Account Control Settings" because I can't access it.
0
 
penguinjasCommented:
Can you logon as the domain administrator account on the second server?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
mr-kennyAuthor Commented:
yes I can logon
0
 
penguinjasCommented:
Try removing the second server from the domain and joining it again and then logon as the AD user you created that is in the domain administrators group.
0
 
mr-kennyAuthor Commented:
when I do a "whoami /groups" I see "BUILTIN\Administrators   Group used for deny only".
If I disable or enable the Goup Policy on the DC it works sometimes and sometimes not. Also if I change something on the UAC Policy, it works sometime but I can't tell why.
0
 
mr-kennyAuthor Commented:
This worked, thanks. I guess the reason why this not worked the first time I've joined to the Domain, was the duplicate SID I had because of the VHD copies.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now