The documentation specifies that you must be a member of "Domain Admins" but you also need to be a member of "Schema Admins".
The first installation on a DC must add elements and attributes to the schema so that the AuthLite Partition can be set up. If your account is not a member of Schema Admins (by default a domain admin is not a schema admin!) then you need to have it added, or use another appropriate account.
Remember if you add your account to this group you must log out and log back in to get an updated token, or else you will not see any difference.
Once the first domain controller has been installed, you no longer need to run future installs as a schema admin. The schema elements only need to be added once per enterprise.
Note: these schema additions do not make any changes to built-in AD objects, and will have no adverse effect on your directory.
Questions or comments about this article? Let us know: