Re: Windows NT 4.0 BDC Upgrade

Brandon_at_discussions.microsoft.com
Date: 08/12/04


Date: Thu, 12 Aug 2004 11:50:01 -0700

OK...I can see that. But...shouldn't the machine get a new SID when it
is added to a domain?

I added it to a domain that it's never been a member of before....and
got that message.

thanks!

>-----Original Message-----
>That error is because the SIDs don't match. You could try NewSid from
>Sysinternals.com to try and get it into the new domain but I don't think it
>will work.
>
>--
>Scott Harding
>MCSE, MCSA, A+, Network+
>Microsoft MVP - Windows NT Server
>
><brandon@discussions.microsoft.com> wrote in message
>news:4d1101c4808a$045b48f0$a301280a@phx.gbl...
>> yeah...I know what you mean. I probably should. Now it's
>> more the point of just trying to do it. :) And it's a
>> great big nasty cluster...and I really don't want to have
>> to rebuild all that cluster crap.
>>
>> Interesting though...I've been using netdom to move it
>> around from domain to domain. I moved it to an old NT40
>> domain we have, and it moved just fine. Started going
>> through the AD wizard and it didn't like that the PDC for
>> that domain hadn't been upgraded yet. SO...I really
>> couldn't mess with that one. Next I moved it to
>> the "temp" domain I set up last night...which is a W2K AD
>> box. It moved to that domain as well. I figured that
>> would be really good...because when it moves back to that
>> domain it gets a new SID. Well...no luck there
>> either..get some message about security database and
>> trust. Which I think has something to do with the trust
>> relationship that this box had before it was upgraded to
>> W2K. So....now I really don't know what I am going to
>> do. Not in any real big hurry. Like I said...it's a
>> cluster and the other node has already been upgraded and
>> the cluster started fine. So...I have some time with this
>> one.
>>
>>
>>
>> >-----Original Message-----
>> >Hmmm. Thought might work but I guess not. The new domain will not work as
>> >the SIDs are different and Netdom will only reset the secure channel
>> >password and not change the SIDs. At this point I would scratch the whole
>> >thing and do a fresh install of Win2k and forget about this whole process.
>> >You've probably spent more time at this point trying to make this work than
>> >it would have taken you to reinstall Win2k and all the apps. You're trying to
>> >fit a square peg in a round hole and even if you get this to work you could
>> >have issues. Just my $0.02 :) Good Luck!
>> >
>> >--
>> >Scott Harding
>> >MCSE, MCSA, A+, Network+
>> >Microsoft MVP - Windows NT Server
>> >
>> ><anonymous@discussions.microsoft.com> wrote in message
>> >news:48ea01c47ff8$53f79d10$a601280a@phx.gbl...
>> >> ok...well I tried that switch, and no luck. Same thing.
>> >> I am guessing that during the w2k upgrade it logs
>> >> somewhere within the w2k upgrade whether or not it's a bdc
>> >> or pdc.
>> >>
>> >> However, I tried my little idea of creating a new AD with
>> >> the old name of the domain the problem computer is in.
>> >>
>> >> I got a little further...but not much. Now, when going
>> >> through the active directory wizard it cranks along pretty
>> >> far, and I can actually hear the new DC working away (it's
>> >> a super old desktop sitting right next to me). So when I
>> >> click on the last "next" in the AD wizard the machine
>> >> right next to me starts working away...so I know that at
>> >> least the problem machine is talking to the new DC. But
>> >> now the problem is the following message..."the security
>> >> database on the server does not have a computer account
>> >> for this workstation trust relationship".
>> >>
>> >> The only thought I have here is that the computer account
>> >> passwords probably don't match....since I had to manually
>> >> make the computer account on the DC. Wonder if I can run
>> >> netdom.exe to fix that. Hmmmm...I might try that in the
>> >> morning.
>> >>
>> >> Any ideas?
>> >>
>> >> thanks!
>> >> >-----Original Message-----
>> >> >
>> >> >"what if I took another 2000 member server, upgraded it to
>> >> >a DC with the name of the domain the current problem
>> >> >server is in. "
>> >> >
>> >> >I don't think that will work because this will not be the same domain. The
>> >> >registry key I was after is the following.
>> >> >
>> >> >HKEY_LOCAL_MACHINE\SECURITY\Policy\PolSrvRo - I believe that value 3 is a
>> >> >PDC and 2 is a BDC and 4?(can't remember) is a member server. You will have
>> >> >to give the administrator full control to each of these keys to be able to
>> >> >navigate to this key. Note this key will not work to change a member server
>> >> >into a DC or vice versa. The only way to make a member server a DC or vice
>> >> >versa is to reinstall w/o using a 3rd party product. You might want to wait
>> >> >for some more ideas before trying this but I think this may be your only
>> >> >option. You can also confirm after restart by typing 'net accounts' at a cmd
>> >> >prompt and see if change to Primary (after changing key) from Backup which it
>> >> >should currently state.
>> >> >--
>> >> >Scott Harding
>> >> >MCSE, MCSA, A+, Network+
>> >> >Microsoft MVP - Windows NT Server
>> >> >
>> >> >"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
>> >> >news:OzmVfy%23fEHA.3428@TK2MSFTNGP11.phx.gbl...
>> >> >> Ok, there is a registry key that you can change from a 2 to 3, if I remember
>> >> >> correctly to manually change a BDC to a PDC. My thought is that if you can
>> >> >> change this key, then reboot, this machine will think it is a PDC and then
>> >> >> the AD wizard should work. I haven't tried it before but in theory it should
>> >> >> work. I am having a hard time remembering where this key is though. I'll dig
>> >> >> a little, maybe someone else will chime in with another idea. Also you
>> >> >> could just reinstall Win2k and not format the system but of course all apps,
>> >> >> settings will have to be redone. Let me see if I can find this key. Of course
>> >> >> before trying this make sure your backups are good because it could
>> >> >> fail...
>> >> >>
>> >> >> --
>> >> >> Scott Harding
>> >> >> MCSE, MCSA, A+, Network+
>> >> >> Microsoft MVP - Windows NT Server
>> >> >>
>> >> >> "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
>> >> >> news:%23wedZs%23fEHA.140@TK2MSFTNGP12.phx.gbl...
>> >> >> > Oops....forgot you've already upgraded to Windows 2000. Let me think about
>> >> >> > this.....
>> >> >> >
>> >> >> > --
>> >> >> > Scott Harding
>> >> >> > MCSE, MCSA, A+, Network+
>> >> >> > Microsoft MVP - Windows NT Server
>> >> >> >
>> >> >> > "brandon" <anonymous@discussions.microsoft.com> wrote in message
>> >> >> > news:432d01c47fe5$130fafd0$a301280a@phx.gbl...
>> >> >> > > well...i might have myself in a mess.
>> >> >> > >
>> >> >> > > I had two machines that were in a MS Cluster, running
>> >> >> > > nt40, and needed to be upgraded to W2K. One was a PDC and
>> >> >> > > the other a BDC. However, neither one of them needs to be
>> >> >> > > any longer and they both just need to be member servers.
>> >> >> > >
>> >> >> > > The first machine which happened to be the DC...I upgraded
>> >> >> > > to W2K installed AD, and new forest and all that crap.
>> >> >> > > Next I ran dcpromo and demoted it to a member server and
>> >> >> > > then added it to my active directory domain. All is good
>> >> >> > > with that machine.
>> >> >> > >
>> >> >> > > The problem is with the second machine. The upgrade went
>> >> >> > > well...but now the AD wizard comes up and wants to make
>> >> >> > > the machine a member server or a domain controller. When
>> >> >> > > I choose to make it a member server I get a prompt asking
>> >> >> > > for a username, password and domain of an account that has
>> >> >> > > privileges to do so. At this point I have tried about
>> >> >> > > every account possible, and I get an error stating it
>> >> >> > > can't find the domain.
>> >> >> > >
>> >> >> > > If I choose to make it a domain controller, it comes back
>> >> >> > > and states that the PDC of the domain hasn't been upgraded
>> >> >> > > to w2k and to upgrade it first. Well...did that but it's
>> >> >> > > not a DC anymore.
>> >> >> > >
>> >> >> > > So...basically I have a W2K machine I need to be a member
>> >> >> > > server that is stuck at the AD wizard. Any ideas?
>> >> >> > >
>> >> >> > > thanks