We help IT Professionals succeed at work.

Server built in Admin group missing

ShawnGray asked
2008R2 server was upgraded to 2012R2 then to 2019 Server.
Domain prep and Forest prep ran.
This is a SQL server, installing SQL 2017 Windows suggested to demote the server. done.
Installed SQL 2017.  

Security permissions for folders are missing domain admins.
However, I noticed that my domain.local/built in Administrator group isn't available.

Any suggestions?
How c
Watch Question

To clarify the DC is also a SQL server?
If so was the DC promoted again?
Distinguished Expert 2017

was therw another DC in the environment before this was demoted?
If this was the primary were the roles transferred? Prior to demotion was the health of the AD confirmed following the multple updates using
dcdiag ?


65td: it is a SQL server, no it was not promoted again.  
          Rec'd msg that it "wasn't recommended" for a sql server.

arnold: Yes, another DC is in the environment prior to demotion.
              The other Server was the primary and is currently.
               dcdiag was not ran.  Only forestprep and domainprep prior to install.    
              meta cleanup was ran after installs.
Distinguished Expert 2017

When you look at the current admin user's account, which groups is the user a member of?
Could someone had modified the name of a security group?
On the SQL sever builtin is local to the SQL server.
To find a domain based groups, you have to search the domain for the object.
Since it was a DC, when searching it defaulted to the domain.  Since It is no longer a DC, the default search is for a local credential store, the sqlserver....  Double check the location. When you are searching.


Looks like the only admin groups are  domain.local/Users.
No one else would have made any changes.
When searching, I have "From this location" = "domainname.local"
This looks identical to my PDC.
But the SQL server doesn't add domain admins.  Only a local admin group.


...running functions like "create a restore point" prompts me with
"windows cannot access the specified device, path.... you may not have the appropriate permissions"

Looking at folder security was where I noticed the domain/administrator was not assigned or available.
Distinguished Expert 2017
Not sure what you are doing, what is the status of UAC?
On this SQL what DNS name server does it use/reference.
It might still be pointing to itself ...


DNS; it was the DNS settings.
Corrected this and domain admins magically appear.
Thank you arnold


DNS settings were misaligned