We help IT Professionals succeed at work.

Server built in Admin group missing

ShawnGray
ShawnGray asked
on
2008R2 server was upgraded to 2012R2 then to 2019 Server.
Domain prep and Forest prep ran.
This is a SQL server, installing SQL 2017 Windows suggested to demote the server. done.
Installed SQL 2017.  

Security permissions for folders are missing domain admins.
However, I noticed that my domain.local/built in Administrator group isn't available.

Any suggestions?
How c
Comment
Watch Question

Commented:
To clarify the DC is also a SQL server?
If so was the DC promoted again?
Distinguished Expert 2017

Commented:
was therw another DC in the environment before this was demoted?
If this was the primary were the roles transferred? Prior to demotion was the health of the AD confirmed following the multple updates using
dcdiag ?

Author

Commented:
65td: it is a SQL server, no it was not promoted again.  
          Rec'd msg that it "wasn't recommended" for a sql server.

arnold: Yes, another DC is in the environment prior to demotion.
              The other Server was the primary and is currently.
               dcdiag was not ran.  Only forestprep and domainprep prior to install.    
              meta cleanup was ran after installs.
Distinguished Expert 2017

Commented:
When you look at the current admin user's account, which groups is the user a member of?
Could someone had modified the name of a security group?
On the SQL sever builtin is local to the SQL server.
To find a domain based groups, you have to search the domain for the object.
Since it was a DC, when searching it defaulted to the domain.  Since It is no longer a DC, the default search is for a local credential store, the sqlserver....  Double check the location. When you are searching.

Author

Commented:
Arnold
Looks like the only admin groups are  domain.local/Users.
No one else would have made any changes.
When searching, I have "From this location" = "domainname.local"
This looks identical to my PDC.
But the SQL server doesn't add domain admins.  Only a local admin group.

Author

Commented:
...running functions like "create a restore point" prompts me with
"windows cannot access the specified device, path.... you may not have the appropriate permissions"

Looking at folder security was where I noticed the domain/administrator was not assigned or available.
Distinguished Expert 2017
Commented:
Not sure what you are doing, what is the status of UAC?
On this SQL what DNS name server does it use/reference.
It might still be pointing to itself ...

Author

Commented:
DNS; it was the DNS settings.
Corrected this and domain admins magically appear.
Thank you arnold

Author

Commented:
DNS settings were misaligned