0

After renaming a domain from .com to .local I've noticed that none of my credentials work when I try to make any changes using my domain Administrator account.

When I try to install software that requires admin privileges my domain admin account doesn't work for it, nor do any domain accounts that are part of the domain administrators group.

I get errors like:
"The requested operation requires elevation."
"Access is denied."

These all happen when I try to do an operation which requires privilege escalation like un-joining the pc from the domain, or enabling the local admin account.

For the domain rename I used this http://mizitechinfo.wordpress.com/2013/06/10/simple-guide-how-to-rename-domain-name-in-windows-server-2012/ tutorial and it worked fine up until this point where I'm getting all kinds of privilege errors.

gh0st
  • 245
  • 1
  • 4
  • 19

2 Answers2

0

I had to enable the local administrator account by launching command prompt with the Windows install disc. Load the local hive and SAM edit the accounts key to enable the local admin. Once I had local admin rights I unjoined the machine from the local domain and then rejoined it. After that, privileges and access rights were working again!

gh0st
  • 245
  • 1
  • 4
  • 19
0

You should take a look at the real docs, instead of a random tutorial:

http://technet.microsoft.com/en-us/library/cc794869%28v=ws.10%29.aspx

There are a few steps in there, particularly in the section on completing the operation. One of them is to reboot the member computers twice in most cases, or else unjoin and rejoin them. There are also a large number of cleanup steps and steps that apply only to exchange in there.

Operationally, I strongly recommend that you enable the local administrator account, but rename it and set a strong password. The password update can be scripted or done via GPO if I recall.

Falcon Momot
  • 25,244
  • 15
  • 63
  • 92