While creating a test environment to check a few issues I am experiencing on a previous RODC I set up, the following error kept coming up: “You must supply a user account Name”.
Upon doing a bit of research, I did not find much except for an article advising creating a new account and adding the user to the Domain Admin Groups. That is fine and it worked, but it did not make sense why I could not add with the default Admin account.
Well, it turns out the answer is much simpler than the above-mentioned. To give a quick idea of how the server is set up:
- Install the OS
- Create a password for the Local Administrator Account
- Do Windows Updates
- Install Services that are going to be used initially
- Join the Domain
- Configure Services accordingly
So the problem is simply that, when promoting to a domain controller, the local Admin account is still available, and the promotion tries to use that account instead of the domain Administrator account to authenticate. Simply supplying the correct credential fixed the issue and I was able to continue on.
The remaining question after this is: what happens to other servers’ local Admin accounts? With a DC it becomes the main DC Administrator account. With file servers it is potentially whatever it was made the day it was set up, or worse, a person who is not security-aware set it up with a simplistic password.
To start off, look at renaming and disabling local Admin accounts.
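As a starting point for that review, here is an added example (not part of the original post) that reports the state of the built-in local Administrator account on member servers: whether it has been renamed, whether it is still enabled, and how old its password is. It assumes PowerShell remoting is enabled on the targets; the function name, the server names and the 90-day threshold are made up for illustration.

```powershell
# Added example, not from the original post. Intended for member servers
# (file servers and the like), not for domain controllers.
function Get-BuiltinAdminReport {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        [int]$MaxPasswordAgeDays = 90   # assumed threshold; match your own policy
    )

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # The built-in Administrator always has a SID ending in -500,
        # so this finds the account even after it has been renamed.
        $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

        $ageDays = if ($admin.PasswordLastSet) {
            [int]((Get-Date) - $admin.PasswordLastSet).TotalDays
        } else { $null }   # password has never been set

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            AccountName     = $admin.Name
            # Compares against the English default name; adjust on localized installs.
            Renamed         = $admin.Name -ne 'Administrator'
            Enabled         = $admin.Enabled
            PasswordLastSet = $admin.PasswordLastSet
            PasswordAgeDays = $ageDays
            StalePassword   = ($null -ne $ageDays) -and ($ageDays -gt $using:MaxPasswordAgeDays)
        }
    } | Select-Object Computer, AccountName, Renamed, Enabled,
                      PasswordLastSet, PasswordAgeDays, StalePassword
}

# Constructed server names (placeholders). Enabled accounts with the oldest
# passwords are listed first, since those deserve attention first.
Get-BuiltinAdminReport -ComputerName 'FILESRV01', 'FILESRV02' |
    Sort-Object -Property Enabled, PasswordAgeDays -Descending |
    Format-Table -AutoSize
```

Servers that show `Enabled = True`, `Renamed = False` and a password dating back to the day the machine was built are the ones described above.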
The issue is because you are trying with a domain “ZARODC001VS”, which obviously does not exist since it's the name of your DC. What you have to do is to type administrator@ffs.local to specify the valid domain you are trying to join. By this you will be able to join the domain with the admin account of that domain and you won't get that error.