Why does domain promo disable the local administrator credential in win2012?


  • Tuesday, September 11, 2012 4:32 PM
     
     

    I installed Windows Server 2012 and then added the AD role.

    As a part of it, I promoted it to a domain, and then it disabled the local administrator credential.

    I can log in as domain admin but can't log in as a local administrator any more. Why?

     

    1. When I promote the AD, it disables (blocks?) the local administrator credential. I can log in ONLY with the domain administrator.

       a. I enabled it using “>net user Administrator /active:yes”, but it does not help.

       b. No control over users (add/remove, change password).

    2. I could not find the menu “Active Directory Domain Services configuration Wizard” to add (create) a new sub (or child) domain.

       I used PowerShell to add a sub (child) domain, but it prompted an error:

       "Install-ADDSDomain : Verification of prerequisites for Domain Controller promotion failed. The specified argument 'ChildName' was not recognized."

    Please advise me.

All Replies

  • Tuesday, September 11, 2012 6:15 PM
     
     
    This has always happened when a machine is promoted to a DC; it's not new in 2012.  The whole security changes on the box when it becomes a DC, so there is no need for a local administrator account anymore.

    tim

  • Wednesday, September 12, 2012 12:44 AM
     
     

    Thanks for the quick reply.

    Please give me some advice on the second question.

    Now, I have a root domain. I want to create several subdomains under it.

    How do I launch the “Active Directory Domain Services configuration Wizard”?

    Bo

  • Wednesday, September 12, 2012 2:10 PM
     
     

    You have to create additional domain controllers.  When you create your very first domain controller, you create a forest.  As additional machines are promoted to domain controllers, in the same way you created your first domain controller, you are asked how you want to place the new domain controllers - as new forest, member of existing domain, new domain in existing forest.

    It sounds like it might be helpful if you started some reading here - http://technet.microsoft.com/en-us/library/cc780336(v=ws.10) - Active Directory Concepts.


    tim

  • Thursday, September 13, 2012 8:32 AM
    Moderator
     
     Answered

    Hi,

    It is normal that when we promote a server to be a DC, the local admin will be disabled. A DC is for a domain, not just a local computer.

    If you want to create a new child domain for this domain, then we should add the AD Domain Services role on another server, and then promote it to be a DC.

    Regards,

    Yan Li



    TechNet Community Support
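
The procedure described in the answers (add the AD DS role on a second server, then promote it as the first DC of a new child domain), as an added PowerShell example that is not part of the original thread. The domain names are placeholders, and the DSRM password it sets is the only local recovery credential the new DC will have once its local accounts are gone.

```powershell
# Added example. Run in an elevated session on a SECOND Windows Server 2012
# machine that is not yet a domain controller.
# Assumptions (placeholders, not from the thread):
$parentDomain = 'corp.example.com'   # existing forest root domain
$childName    = 'emea'               # single-label name of the new child domain

# 1. Add the AD DS role binaries and management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Collect secrets interactively so they never land in a script or history.
$cred = Get-Credential -Message "Enterprise Admins account in $parentDomain"
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (SafeMode) password'

# 3. One parameter set, shared by the prerequisite test and the promotion.
$params = @{
    DomainType                    = 'ChildDomain'
    NewDomainName                 = $childName
    ParentDomainName              = $parentDomain
    Credential                    = $cred
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
}

# 4. Run the prerequisite checks without changing anything.
$check = Test-ADDSDomainInstallation @params
$check | Format-List Context, Message, Status

$failed = $check | Where-Object { "$($_.Status)" -eq 'Error' }
if ($failed) {
    throw "Prerequisite check failed: $($failed.Message -join '; ')"
}

# 5. Promote. The server reboots as the first DC of emea.corp.example.com,
#    and its local SAM accounts (including local Administrator) stop being
#    usable for normal logon, as discussed in the thread.
Install-ADDSDomain @params
```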