ShawnGray
asked on
Server built in Admin group missing
2008R2 server was upgraded to 2012R2 then to 2019 Server.
Domain prep and Forest prep ran.
This is a SQL server, installing SQL 2017 Windows suggested to demote the server. done.
Installed SQL 2017.
Security permissions for folders are missing domain admins.
However, I noticed that my domain.local/built in Administrator group isn't available.
Any suggestions?
How c
Domain prep and Forest prep ran.
This is a SQL server, installing SQL 2017 Windows suggested to demote the server. done.
Installed SQL 2017.
Security permissions for folders are missing domain admins.
However, I noticed that my domain.local/built in Administrator group isn't available.
Any suggestions?
How c
was therw another DC in the environment before this was demoted?
If this was the primary were the roles transferred? Prior to demotion was the health of the AD confirmed following the multple updates using
dcdiag ?
If this was the primary were the roles transferred? Prior to demotion was the health of the AD confirmed following the multple updates using
dcdiag ?
ASKER
65td: it is a SQL server, no it was not promoted again.
Rec'd msg that it "wasn't recommended" for a sql server.
arnold: Yes, another DC is in the environment prior to demotion.
The other Server was the primary and is currently.
dcdiag was not ran. Only forestprep and domainprep prior to install.
meta cleanup was ran after installs.
Rec'd msg that it "wasn't recommended" for a sql server.
arnold: Yes, another DC is in the environment prior to demotion.
The other Server was the primary and is currently.
dcdiag was not ran. Only forestprep and domainprep prior to install.
meta cleanup was ran after installs.
When you look at the current admin user's account, which groups is the user a member of?
Could someone had modified the name of a security group?
On the SQL sever builtin is local to the SQL server.
To find a domain based groups, you have to search the domain for the object.
Since it was a DC, when searching it defaulted to the domain. Since It is no longer a DC, the default search is for a local credential store, the sqlserver.... Double check the location. When you are searching.
Could someone had modified the name of a security group?
On the SQL sever builtin is local to the SQL server.
To find a domain based groups, you have to search the domain for the object.
Since it was a DC, when searching it defaulted to the domain. Since It is no longer a DC, the default search is for a local credential store, the sqlserver.... Double check the location. When you are searching.
ASKER
Arnold
Looks like the only admin groups are domain.local/Users.
No one else would have made any changes.
When searching, I have "From this location" = "domainname.local"
This looks identical to my PDC.
But the SQL server doesn't add domain admins. Only a local admin group.
Looks like the only admin groups are domain.local/Users.
No one else would have made any changes.
When searching, I have "From this location" = "domainname.local"
This looks identical to my PDC.
But the SQL server doesn't add domain admins. Only a local admin group.
ASKER
...running functions like "create a restore point" prompts me with
"windows cannot access the specified device, path.... you may not have the appropriate permissions"
Looking at folder security was where I noticed the domain/administrator was not assigned or available.
"windows cannot access the specified device, path.... you may not have the appropriate permissions"
Looking at folder security was where I noticed the domain/administrator was not assigned or available.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
DNS; it was the DNS settings.
Corrected this and domain admins magically appear.
Thank you arnold
Corrected this and domain admins magically appear.
Thank you arnold
ASKER
DNS settings were misaligned
If so was the DC promoted again?