Q

Problems with Active Directory and insufficient rights

We have a Windows 2000 environment that is still running in Mixed Mode. We have had our solution in place for almost a year. Last week we renamed the domain administrator account. Since then, it has caused nothing but problems. We are unable to create any new group policies. The message says "insufficient privileges" or examine the default domain controller policy again with the "Insufficient Rights." We are unable to run Backup Exec and again we get "Insufficient rights."

We tested renaming the account on our Test server without any issues.

Do you know of any way to reset the administrator account within Active Directory? I'm sure there's a conflict between the GUID and account name.

Renaming an account should not (I stress the word "should") have any effect on permissions. Active Directory objects are protected by ACLs that contain user and group SIDs, not the user's name or the GUID assigned to the user's AD object. Have you tried changing the name back to "Administrator" and seeing if the problems disappear?

We could be looking at something coincidental. Did you change the administrator password at the same time you changed the name? Then your problems make more sense, especially for Backup Exec. The password associated with a service such as Backup Exec is set in the Services.msc console. Reset the password and that should solve the "Insufficient Rights" error for BE.

Did you take the Administrator account out of the Administrators group and/or the Domain Admins group at the same time that you changed the name? That would explain the problem with group policies. You must have rights for the Policies container to modify a GPO. You can see the rights assigned to the Policies container in the AD Users and Computers console by enabling the "View Advanced" option then drilling down to System | Policies. Open the Properties window for the Policies container and select the Security tab.

By default, both the Administrators group and the Domain Admins group are on the ACL for this container. That's what makes me think you might have taking the Administrator account out of these groups.

Repost a follow-up if these suggestions do not help.

This was first published in April 2001

Dig deeper on Domain Name System (DNS)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close