error: 5 (Access s denied) RODC (win srv 2012) with DC (win srv 2016)

Question

Good Day Dears,

I'm trying to add RODC (windows server 2012 R2) to DC (windows server 2016) and I have error: 5 (Access is denied)

note that my user is member of : Administrators , Domain Admins , Allowed RODC Password and Enterprise Admin .

Also I tried to add it from DC , from Pre-create Read-only Domain Controller account

Br,

Ahmed Maxsood

Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/53f74443-ce11-428c-88da-660c5ff66ab7/error-5-access-s-denied-rodc-win-srv-2012-with-dc-win-srv-2016?forum=winserverDS

Answer 1

Hello Ahmed Maxsood ,

Thank you for posting here.

Q: I'm trying to add RODC (windows server 2012 R2) to DC (windows server 2016) and I have error: 5 (Access is denied)
A: As I understand, we want to add one RODC to existing domain.

Before we do any change in existing AD domain environment, we had better do:
1.Check if AD environment is healthy. Check all DCs in this domain is working fine by running Dcdiag /v on every DC.
Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum on every DC.

2.Back up all domain controllers.

Before we begin to troubleshoot, please let me know more information to clarify our issue, would you mind collecting the following information at your convenience? I appreciate your time and effort.
1.What is our domain functional level and forest functional level?
2.How many domain do you have?
3.How many DCs is each domain?
4.What specific operations are you doing, then we receive this error (add RODC to domain or promote RODC)? It is perfect that you can provide the screenshot with error message.
5.Would you please do the same operations with built-in domain Administrator account and check if it helps?

Note: If we want to add 2012 R2 DC to the existing domain, the domain functional level must be equal to or lower than 2012 R2.

If anything is unclear, please feel free to let us know.

Best Regards,
Daisy Zhou