Announcement

Collapse
No announcement yet.

Adding additional Windows Server 2012 R2 domain controller to windows 2008 domain.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Adding additional Windows Server 2012 R2 domain controller to windows 2008 domain.

    Hi everyone

    I have two domain controllers in my domain. The OS of DCs is windows server 2008R2 and domain and forest functional level is Windows server 2008. I was trying to add a additional domain controller (Windows server 2012 R2) on my domain but its throwing an error while doing prerequisite check.The screenshot of error is attached with the post. The error says user should be member of enterprise admin and scheme admin group. According to microsoft: https://docs.microsoft.com/en-gb/win...MK_AdprepCreds

    If you are not currently logged on with sufficient credentials to run adprep.exe commands and adprep is required to run in order to complete the AD DS installation, you are prompted to supply credentials to run adprep.exe. Adprep is required to run in order to add the first domain controller that runs Windows Server 2012 to an existing domain or forest. More specifically: ............


    I am just confused and wondering its neither the RODC and nor the first DC in domain then why I am receiving this error. I am also wondering what if i use the other user which has required rights would it be safe to do that and my environment will keep on running without any problem. Please suggest.


    Attached Files
    Last edited by Ali Ahmed; 3rd July 2018, 12:16.

  • #2
    The reason you need enterprise admin / schema admin is that, from server 2012, the setup attempts to extend the AD schema. I would suggest you use "the" administrator account for this and all should be well
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Thank you Tom for the quick reply... You mean domain administrator account ?

      Comment


      • #4
        Yes, the domain administrator
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          To update the Schema you actually need Schema Admin rights.

          Comment


          • #6
            Originally posted by Ossian View Post
            The reason you need enterprise admin / schema admin is that, from server 2012, the setup attempts to extend the AD schema. I would suggest you use "the" administrator account for this and all should be well
            Thank you Tom Jones. Its done.

            Comment

            Working...
            X