We help IT Professionals succeed at work.
Get Started
PRE-CREATE READ-ONLY DOMAIN CONTROLLER - ACCESS DENIED
Hi,
I have 2 DC's (2008 R2) running on function level 2008. I'm trying to add a 2008 R2 RODC, but i got an error, so i tried to pre-create a read only domain controller but getting the same error, here from debug:
dcpromoui 1360.15E0 07A8 12:31:16.093 Enter CLdapExpressionPresent::Co
dcpromoui 1360.15E0 07A9 12:31:16.093 ==> false
dcpromoui 1360.15E0 07AA 12:31:16.093 ==> true
dcpromoui 1360.15E0 07AB 12:31:16.093 msDS-RevealOnDemandGroup: replace
dcpromoui 1360.15E0 07AC 12:31:16.093 <SID=01050000000XXXXXXXXXX
dcpromoui 1360.15E0 07AD 12:31:16.093 ldap_add("CN=DC900,OU=Doma
dcpromoui 1360.15E0 07AE 12:31:16.140 _lastLdapError_ <- "50"
dcpromoui 1360.15E0 07AF 12:31:16.140 ldap_add(CN=DC900,OU=Domai
00000522: SecErr: DSID-031A1190, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
dcpromoui 1360.15E0 07B0 12:31:16.140 Enter GetErrorMessage 80070005
dcpromoui 1360.15E0 07B1 12:31:16.140 ***** EXCEPTION: 80070005 The operation cannot continue because LDAP add operation failed: object "CN=DC900,OU=Domain Controllers,DC=REMOVED,DC=
dcpromoui 1360.15E0 07B2 12:31:16.140 Enter CLdapOperationDisconnect::
dcpromoui 1360.15E0 07B3 12:31:16.140 ExecuteScript() failed:
The operation cannot continue because LDAP add operation failed: object "CN=DC900,OU=Domain Controllers,DC=REMOVED,DC=
dcpromoui 1360.15E0 07B4 12:31:16.140 Rolling back script operations
dcpromoui 1360.15E0 07B5 12:31:16.140 Enter CLdapContext::ExecuteScrip
dcpromoui 1360.15E0 07B6 12:31:16.140 Enter CLdapOperationBlock::Execu
dcpromoui 1360.15E0 07B7 12:31:16.140 Rollback successful
dcpromoui 1360.15E0 07B8 12:31:16.140 FAIL
I tried making the server part of the domain, but still the same problem.
The debug information does not give me much to go on.
I tried with different users. My admin user is member of all admin groups, as well as some other groups, still same problem. We have pretty strict group policies.
I have 2 DC's (2008 R2) running on function level 2008. I'm trying to add a 2008 R2 RODC, but i got an error, so i tried to pre-create a read only domain controller but getting the same error, here from debug:
dcpromoui 1360.15E0 07A8 12:31:16.093 Enter CLdapExpressionPresent::Co
dcpromoui 1360.15E0 07A9 12:31:16.093 ==> false
dcpromoui 1360.15E0 07AA 12:31:16.093 ==> true
dcpromoui 1360.15E0 07AB 12:31:16.093 msDS-RevealOnDemandGroup: replace
dcpromoui 1360.15E0 07AC 12:31:16.093 <SID=01050000000XXXXXXXXXX
dcpromoui 1360.15E0 07AD 12:31:16.093 ldap_add("CN=DC900,OU=Doma
dcpromoui 1360.15E0 07AE 12:31:16.140 _lastLdapError_ <- "50"
dcpromoui 1360.15E0 07AF 12:31:16.140 ldap_add(CN=DC900,OU=Domai
00000522: SecErr: DSID-031A1190, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
dcpromoui 1360.15E0 07B0 12:31:16.140 Enter GetErrorMessage 80070005
dcpromoui 1360.15E0 07B1 12:31:16.140 ***** EXCEPTION: 80070005 The operation cannot continue because LDAP add operation failed: object "CN=DC900,OU=Domain Controllers,DC=REMOVED,DC=
dcpromoui 1360.15E0 07B2 12:31:16.140 Enter CLdapOperationDisconnect::
dcpromoui 1360.15E0 07B3 12:31:16.140 ExecuteScript() failed:
The operation cannot continue because LDAP add operation failed: object "CN=DC900,OU=Domain Controllers,DC=REMOVED,DC=
dcpromoui 1360.15E0 07B4 12:31:16.140 Rolling back script operations
dcpromoui 1360.15E0 07B5 12:31:16.140 Enter CLdapContext::ExecuteScrip
dcpromoui 1360.15E0 07B6 12:31:16.140 Enter CLdapOperationBlock::Execu
dcpromoui 1360.15E0 07B7 12:31:16.140 Rollback successful
dcpromoui 1360.15E0 07B8 12:31:16.140 FAIL
I tried making the server part of the domain, but still the same problem.
The debug information does not give me much to go on.
I tried with different users. My admin user is member of all admin groups, as well as some other groups, still same problem. We have pretty strict group policies.
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE