VOX

As far as I know you new Domain Admin account because you need to extend the AD schema and then populate AD.

_Shazam

To make edits to AD by adding or removing objects Domain Admin rights are a requirement.

The issue with pop up using seadcli. Which HF are you for the server you see this issue? And no I have not seen that. Did you have a look in the SEADConfig.log or the sesnapin.log file?

Thanks for your reply bjorn.

1. It is not always necessary to have domain admin rights to populate AD. Depending on the permissions delegated, an individual may or may not need domain admin rights.

For example scwrite has been granted certain modification permissions and scread has been granted certain read permissions to objects beneath CN=WQuinn,DC=DN_of_domain. Above and beyond these permissions, what else is required to make a SE server "AD enabled"?

2. I am not running any of the hotfixes as they didnt seem relevant. I retried removing the server from EAO and adding it again as a user with scwrite access and it worked. So I cant seem to repro issues adding servers to AD as a non-domain admin user (but with scwrite access). However I still do get the issues of "Windows - no disk. there is no disk in drive. Pleasr insert a disk into drive. Cancel/Ty again/Continue" . It also seems to happen only when I run the command to enable EAO on the local server itself. When doing this for remote servers it doesnt seem to be an issue. ssesnapin.log has nothing related (not modified for today after running the command). seadconfig.log shows no errors. I did however press continue 6 times to complete the install successfully.

I just realised why I couldnt repro issues enabling EAO on SE servers as a user with no domain admin rights. I delegated full control of the CN=WQuinn container and all sub objects to a group I am in earlier in the week.