Domain Controller has down arrow beside it in Active Directory/Users and Computers

[24elements]

I have a Windows domain with one existing domain controller Windows server 2012 R2.  I recently added another Windows server 2012 R2 domain controller to the same Windows domain for replication.

1 - In Active Directory/Users and Computers/Computers, the second domain controller I added has a DOWN arrow next to the name.  Apparently the account is disabled.  Why?  After researching I found the following on TechNet:

 

"This domain controller must have the Enable computer and user accounts to be trusted for delegation user right granted to the Builtin Administrators security group if the domain controller is used as a replication partner during a domain controller promotion. "

 

I've added Windows Server 2003 and 2008 to domains and never had this issue.  Why does this happen with 2012 R2 and why must I have "computer and user accounts to be trusted for delegation user right granted to the Builtin Administrators security group enabled" ?

 

Thanks in advance for your help - Mike

[sc302 Veteran]

Sounds like you had issues with the dcpromo process.  may have to remove from ad and try again..could be a firewall issue if you are using 3rd party antivirus/endpoint security.   Or enable the account. 

 

Verify through your eventlogs. 

[binaryzero]

^^^

[philcruicks]

I'd agree with the above, remove it, do a metadata cleanup and try again.

 

Of course check the event logs 1st see if you can get anything from that.