Attempting to provision a Windows VM to Microsoft Active Directory 2016 Domain Controller (Microsoft Endpoint). vRO may display the following in the error log.
A required privilege is not held by the client – AD machineBuilding error
- vRealize Automation 7.x
Microsoft User Account Control has a specific Security Policy that needs to be disabled on the Microsoft Active Directory 2016 Server(s).
Create a list of versions/items affected by this problem
Workaround or Solution
Adjust the Local Security Policy on the Domain Controller and set the policy (User Account Control: Run all administrators in Admin Approval Mode) to DISABLED
To change the policy, follow the steps below.
- Open Local Security Policy, on the Start screen, type secpol.msc, and then press ENTER.
- Navigate to Security Settings>Local Policies>Security Options
- Scroll to find the User Account Control: Run all administrators in Admin Approval Mode policy
- Right-Click and select Properties
- Change the Local Security Setting to DISABLED