Administrator Access on Server 2008 R2

  • Question

  • Hi all,

     

    I have a DC called Domain1 and have joined a member server Member1 to the domain.

    In the AD for Domain1, I created an admin user "Admin1" and added it to the Administrator Group.

     

    The issue is that when I log in to Member1 with Admin1, I do not get full administrator privileges. For example, I cannot run the Server Manager!

     

    I am not sure what the issue is but suspect the following:

    • The DC and the Member server have the same SID (they were the same cloned image) so it may be caused by SID issues. Guidance welcomed on this.
    • Windows UAC may be causing issues.

     

    I thought it was a group issue and have tried to address this by creating another Admin user Admin2 which is in the same groups as the built-in Administrator group. But I continue to have the same issues. Any help would be appreciated...

    Tuesday, April 5, 2011 2:35 AM

All replies

  • Hi,

    How many DCs in the Domain?

    What errors did you get in the event log?

    If you have multiple DCs, there might be some problem with AD replication.

    Tuesday, April 19, 2011 5:58 AM
  • Found the solution: the SIDs for the DC and the member servers were the same because they were provisioned from the same VM. Duplicate SIDs are not typically an issue but can be when the DC has the same SID as its member servers - see below.

    http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

    "As I said earlier, there’s one exception to rule, and that’s DCs themselves. Every Domain has a unique Domain SID that’s the machine SID of the system that became the Domain’s first DC, and all machine SIDs for the Domain’s DCs match the Domain SID. So in some sense, that’s a case where machine SIDs do get referenced by other computers. That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain. However, like member computers, each DC also has a computer account in the Domain, and that’s the identity they have when they authenticate to remote systems."

    Tuesday, April 26, 2011 10:48 AM
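
The check implied by the accepted answer, as an added example that is not part of the original thread: given the domain SID and one local account SID collected from each member server, it strips the RID to recover each machine SID and separates the harmful case (member machine SID equals the domain SID) from duplicates shared only between members. The function names, the hostnames other than Member1, and all SID values are constructed for illustration.

```python
import re
from collections import defaultdict

# S-1-5-21-<a>-<b>-<c>[-<RID>]: a machine or domain SID has three
# sub-authorities after 21; an account SID appends a relative ID (RID).
_SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)(?:-(\d+))?$", re.IGNORECASE)


def base_sid(sid):
    """Strip the RID (if any) and return the machine/domain SID."""
    m = _SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a machine, domain or account SID: {sid!r}")
    subs = [int(x) for x in m.group(1, 2, 3)]
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority exceeds 32 bits: {sid!r}")
    return "S-1-5-21-" + "-".join(str(s) for s in subs)


def audit(domain_sid, members):
    """members maps hostname -> SID of any local account on that host.

    Returns (collisions, duplicates): collisions are hosts whose machine SID
    equals the domain SID (the failure in this thread); duplicates are machine
    SIDs shared only between members, reported for information.
    """
    domain = base_sid(domain_sid)
    by_machine = defaultdict(list)
    for host, local_sid in members.items():
        by_machine[base_sid(local_sid)].append(host)
    collisions = sorted(by_machine.pop(domain, []))
    duplicates = {s: sorted(h) for s, h in by_machine.items() if len(h) > 1}
    return collisions, duplicates


# Constructed sample data: none of these SIDs come from a real system.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
MEMBERS = {
    "Member1": "S-1-5-21-1111111111-2222222222-3333333333-500",  # DC image clone
    "Member2": "S-1-5-21-4000000000-1234567890-987654321-500",   # shared template
    "Member3": "S-1-5-21-4000000000-1234567890-987654321-1001",  # shared template
    "Member4": "S-1-5-21-555555555-666666666-777777777-500",
}

if __name__ == "__main__":
    collisions, duplicates = audit(DOMAIN_SID, MEMBERS)
    for host in collisions:
        print(f"{host}: machine SID equals domain SID {DOMAIN_SID}")
    for sid, hosts in duplicates.items():
        print(f"info: {', '.join(hosts)} share machine SID {sid}")
```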