I remember in my first Windows class, yes, it was Windows NT Server 3.5. My trainer said, multiple times, that every time you see “Access is Denied” it is a permissions issue. I took it with a grain of salt, but I haven’t seen it to not be true, yet.
I was working on an installation and ran into this error. I had set up the installation account as a domain administrator, and had already done the Schema and Forest pieces of the installation without any issues. The installation account was also configured as a local administrator on the server. So, it was a shock to me when I saw the error.
Error: Active Directory operation failed on “ServerNameFQDN”. You cannot retry this operation: “Access is denied 00000005: SecErr: DSID-0315121D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data0″
Yes, I didn’t have permissions. Somebody else decided that my account didn’t need to be a Domain Admin and took away the rights.
So, there are two ways to move forward. Either make the account a Domain Admin, or have somebody delegate the required permissions to the OU and domain for the account.
http://technet.microsoft.com/en-us/library/gg412735.aspx is the perfect place to get the right info.