Recently, I wanted to add a new domain controller to a domain. At first, the Configuration Wizard ran as expected. But just as the process was about to come to an end, I received an “Access is denied” error message.
The promotion with dcpromo was canceled, despite the administrative account having sufficient rights.
DCPROMO “Access is denied”
This was the complete error message:
“The operation failed because: The Active Directory Domain Services Installation Wizard was unable to convert the computer account <hostname>$ to an Active Directory Domain Controller account. "Access is denied"”
Doing some web research, I came across a Microsoft Knowledge Base article, which didn’t help in this case, though.
I decided to check the attributes of the computer object which was supposed to be promoted to DC again.
The computer was protected from accidental deletion.
After unchecking the box “Protect object from accidental deletion”, the configuration ran without another error message.
The server could be promoted to domain controller.
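
The same check can be run from PowerShell before starting the promotion. This is an added example, not part of the original post: it assumes the RSAT ActiveDirectory module is installed, and the function name `Test-DcPromoDeletionProtection` and the host name `SRV-NEW01` are hypothetical. It reports whether the protection flag is set on the computer account, lists the Deny ACEs for Delete/DeleteTree through which the flag is stored on the object, and clears the flag only when `-Clear` is given.

```powershell
#Requires -Modules ActiveDirectory

function Test-DcPromoDeletionProtection {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Computer account name without the trailing "$"
        [Parameter(Mandatory)][string]$ComputerName,
        # Remove the protection if it is set
        [switch]$Clear
    )

    $computer = Get-ADComputer -Identity $ComputerName `
        -Properties ProtectedFromAccidentalDeletion, nTSecurityDescriptor

    # "Protect object from accidental deletion" is stored as Deny ACEs
    # for Delete / DeleteTree on the object itself.
    $rights   = [System.DirectoryServices.ActiveDirectoryRights]
    $denyMask = [int]$rights::Delete -bor [int]$rights::DeleteTree
    $denyAces = @($computer.nTSecurityDescriptor.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (([int]$_.ActiveDirectoryRights -band $denyMask) -ne 0)
    })

    if ($Clear -and $computer.ProtectedFromAccidentalDeletion) {
        if ($PSCmdlet.ShouldProcess($computer.DistinguishedName,
                'Clear ProtectedFromAccidentalDeletion')) {
            Set-ADObject -Identity $computer.DistinguishedName `
                -ProtectedFromAccidentalDeletion $false
        }
    }

    # Summary object: state as it was read before any change
    [pscustomobject]@{
        DistinguishedName = $computer.DistinguishedName
        Protected         = $computer.ProtectedFromAccidentalDeletion
        DenyDeleteAces    = $denyAces |
            Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
    }
}

# Report only (constructed host name):
Test-DcPromoDeletionProtection -ComputerName 'SRV-NEW01'

# Preview the change without applying it, then apply it by dropping -WhatIf:
Test-DcPromoDeletionProtection -ComputerName 'SRV-NEW01' -Clear -WhatIf
```

Once the server has been promoted, the protection can be set again on the domain controller's computer object with `Set-ADObject -ProtectedFromAccidentalDeletion $true`.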