Re: Windows NT 4.0 BDC Upgrade

From: Scott Harding - MS MVP (scrockel_at_**NO_SPAM**hotmail.com)
Date: 08/13/04


Date: Fri, 13 Aug 2004 13:44:46 -0700

I was afraid of that. Oh well good luck with the rebuild :)

-- 
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
<anonymous@discussions.microsoft.com> wrote in message
news:599201c48168$420cbf10$a301280a@phx.gbl...
> It moved several times without issues...the account shows
> up in AD and all.  But...that's still not enough to make the
> upgrade go.  I'm rebuilding.
>
>
> >-----Original Message-----
> >This is a domain controller though. You can try but I have serious doubts.
> >Moving workstations and member servers are not a problem.
> >
> >-- 
> >Scott Harding
> >MCSE, MCSA, A+, Network+
> >Microsoft MVP - Windows NT Server
> >
> ><anonymous@discussions.microsoft.com> wrote in message
> >news:56e101c48145$23d6c220$a301280a@phx.gbl...
> >> really?  Maybe with the old netdom it was that way.
> >>
> >> but with the newer one...you can clearly move machines
> >> into domains.  Check out....
> >>
> >> netdom move /help
> >>
> >> >-----Original Message-----
> >> >You cannot add DC to other domain without reinstalling them in NT4. Netdom
> >> >will reset the secure channel password but will not change the computer to
> >> >the new domain.
> >> >
> >> >-- 
> >> >Scott Harding
> >> >MCSE, MCSA, A+, Network+
> >> >Microsoft MVP - Windows NT Server
> >> >
> >> ><Brandon@discussions.microsoft.com> wrote in message
> >> >news:511701c4809d$2c7e1de0$a501280a@phx.gbl...
> >> >> OK...I can see that.  But...shouldn't the machine get a
> >> >> new SID when it is added to a domain?
> >> >>
> >> >> I added it to a domain that it's never been a member of
> >> >> before....and got that message.
> >> >>
> >> >> thanks!
> >> >>
> >> >> >-----Original Message-----
> >> >> >That error is because the SIDS don't match. You could try NewSid from
> >> >> >Sysinternals.com to try and get it into the new domain but I don't think it
> >> >> >will work.
> >> >> >
> >> >> >-- 
> >> >> >Scott Harding
> >> >> >MCSE, MCSA, A+, Network+
> >> >> >Microsoft MVP - Windows NT Server
> >> >> >
> >> >> ><brandon@discussions.microsoft.com> wrote in message
> >> >> >news:4d1101c4808a$045b48f0$a301280a@phx.gbl...
> >> >> >> yeah...I know what you mean.  I probably should.  Now it's
> >> >> >> more the point of just trying to do it. :)  And it's a
> >> >> >> great big nasty cluster...and I really don't want to have
> >> >> >> to rebuild all that cluster crap.
> >> >> >>
> >> >> >> Interesting though...I've been using netdom to move it
> >> >> >> around from domain to domain.  I moved it to an old NT40
> >> >> >> domain we have, and it moved just fine.  Started going
> >> >> >> through the AD wizard and it didn't like that the PDC for
> >> >> >> that domain hadn't been upgraded yet.  SO...I really
> >> >> >> couldn't mess with that one.  Next I moved it to
> >> >> >> the "temp" domain I setup last night...which is a w2K AD
> >> >> >> box.  It moved to that domain as well.  I figured that
> >> >> >> would be really good...because when it moves back to that
> >> >> >> domain it gets a new SID.  Well...no luck there
> >> >> >> either..get some message about security database and
> >> >> >> trust.  Which I think has something to do with the trust
> >> >> >> relationship that this box had before it was upgraded to
> >> >> >> W2K.  So....now I really don't know what I am going to
> >> >> >> do.  not in any real big hurry.  Like I said...it's a
> >> >> >> cluster and the other node has already been upgraded and
> >> >> >> the cluster started fine.  So...I have some time with this
> >> >> >> one.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> >-----Original Message-----
> >> >> >> >Hmmm. Thought might work but I guess not. The new domain will not work as
> >> >> >> >the SID's are different and Netdom will only reset the secure channel
> >> >> >> >password and not change the SID's. At this point I would scratch the whole
> >> >> >> >thing and do a fresh install of Win2k and forget about this whole process.
> >> >> >> >You've probably spent more time at this point trying to make this work than
> >> >> >> >it would have taken you to reinstall Win2k and all the apps. You're trying to
> >> >> >> >fit a square peg in a round hole and even if you get this to work you could
> >> >> >> >have issues. Just my $0.02 :) Good Luck!
> >> >> >> >
> >> >> >> >-- 
> >> >> >> >Scott Harding
> >> >> >> >MCSE, MCSA, A+, Network+
> >> >> >> >Microsoft MVP - Windows NT Server
> >> >> >> >
> >> >> >> ><anonymous@discussions.microsoft.com> wrote in message
> >> >> >> >news:48ea01c47ff8$53f79d10$a601280a@phx.gbl...
> >> >> >> >> ok...well I tried that switch, and no luck.  Same thing.
> >> >> >> >> I am guessing that during the w2k upgrade it logs
> >> >> >> >> somewhere within the w2k upgrade whether or not it's a bdc
> >> >> >> >> or pdc.
> >> >> >> >>
> >> >> >> >> However, I tried my little idea of creating a new ad with
> >> >> >> >> the old name of the domain the problem computer is in.
> >> >> >> >>
> >> >> >> >> I got a little further...but not much.  Now, when going
> >> >> >> >> through the active directory wizard it cranks along pretty
> >> >> >> >> far, and I can actually hear the new DC working away (it's
> >> >> >> >> a super old desktop sitting right next to me).  So when I
> >> >> >> >> click on the last "next" in the AD wizard the machine
> >> >> >> >> right next to me starts working away...so I know that at
> >> >> >> >> least the problem machine is talking to the new DC.  But
> >> >> >> >> now the problem is the following message..."the security
> >> >> >> >> database on the server does not have a computer account
> >> >> >> >> for this workstation trust relationship".
> >> >> >> >>
> >> >> >> >> The only thought I have here is that the computer account
> >> >> >> >> passwords probably don't match....since I had to manually
> >> >> >> >> make the computer account on the DC.  Wonder if I can run
> >> >> >> >> netdom.exe to fix that.  Hmmmm...I might try that in the
> >> >> >> >> morning.
> >> >> >> >>
> >> >> >> >> Any ideas?
> >> >> >> >>
> >> >> >> >> thanks!
> >> >> >> >> >-----Original Message-----
> >> >> >> >> >
> >> >> >> >> >"what if I took another 2000 member server, upgraded it to
> >> >> >> >> >a DC with the name of the domain the current problem
> >> >> >> >> >server is in. "
> >> >> >> >> >
> >> >> >> >> >I don't think that will work because this will not be the same domain. The
> >> >> >> >> >registry key I was after is the following.
> >> >> >> >> >
> >> >> >> >> >HKEY_LOCAL_MACHINE\SECURITY\Policy\PolSrvRo - I believe that value 3 is a
> >> >> >> >> >PDC and 2 is a BDC and 4?(can't remember) is a member server. You will have
> >> >> >> >> >to give the administrator full control to each of these keys to be able to
> >> >> >> >> >navigate to this key. Note this key will not work to change a member server
> >> >> >> >> >into a DC or vice versa. The only way to make a member server a DC or vice
> >> >> >> >> >versa is to reinstall w/o using a 3rd party product. You might want to wait
> >> >> >> >> >for some more ideas before trying this but I think this may be your only
> >> >> >> >> >option. You can also confirm after restart by typing 'net accounts' at a cmd
> >> >> >> >> >prompt and see if change to Primary(after changing key) from Backup which it
> >> >> >> >> >should currently state.
> >> >> >> >> >-- 
> >> >> >> >> >Scott Harding
> >> >> >> >> >MCSE, MCSA, A+, Network+
> >> >> >> >> >Microsoft MVP - Windows NT Server
> >> >> >> >> >
> >> >> >> >> >"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
> >> >> >> >> >news:OzmVfy%23fEHA.3428@TK2MSFTNGP11.phx.gbl...
> >> >> >> >> >> Ok, there is a registry key that you can change from a 2 to 3, if I remember
> >> >> >> >> >> correctly to manually change a BDC to a PDC. My thought is that if you can
> >> >> >> >> >> change this key, then reboot, this machine will think it is a PDC and then
> >> >> >> >> >> the AD wizard should work. I haven't tried it before but in theory it should
> >> >> >> >> >> work. I am having a hard time remembering where this key is though. I'll dig
> >> >> >> >> >> a little, maybe someone else will chime in with another idea. Also you
> >> >> >> >> >> could just reinstall Win2k and not format the system but of course all apps,
> >> >> >> >> >> setting will have to be redone. Let me see if I can find this key. Of course
> >> >> >> >> >> before trying this make sure your backups are good because it could
> >> >> >> >> >> fail...
> >> >> >> >> >>
> >> >> >> >> >> -- 
> >> >> >> >> >> Scott Harding
> >> >> >> >> >> MCSE, MCSA, A+, Network+
> >> >> >> >> >> Microsoft MVP - Windows NT Server
> >> >> >> >> >>
> >> >> >> >> >> "Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
> >> >> >> >> >> news:%23wedZs%23fEHA.140@TK2MSFTNGP12.phx.gbl...
> >> >> >> >> >> > Oops....forgot you've already upgraded to Windows 2000. Let me think about
> >> >> >> >> >> > this.....
> >> >> >> >> >> >
> >> >> >> >> >> > -- 
> >> >> >> >> >> > Scott Harding
> >> >> >> >> >> > MCSE, MCSA, A+, Network+
> >> >> >> >> >> > Microsoft MVP - Windows NT Server
> >> >> >> >> >> >
> >> >> >> >> >> > "brandon" <anonymous@discussions.microsoft.com> wrote in message
> >> >> >> >> >> > news:432d01c47fe5$130fafd0$a301280a@phx.gbl...
> >> >> >> >> >> > > well...i might have myself in a mess.
> >> >> >> >> >> > >
> >> >> >> >> >> > > I had two machines that were in a MS Cluster, running
> >> >> >> >> >> > > nt40, and needed to be upgraded to W2K.  One was a PDC and
> >> >> >> >> >> > > the other a BDC.  However, neither one of them needs to be
> >> >> >> >> >> > > any longer and they both just need to be member servers.
> >> >> >> >> >> > >
> >> >> >> >> >> > > The first machine which happened to be the DC...I upgraded
> >> >> >> >> >> > > to W2K installed AD, and new forest and all that crap.
> >> >> >> >> >> > > Next I ran dcpromo and demoted it to a member server and
> >> >> >> >> >> > > then added it to my active directory domain.  All is good
> >> >> >> >> >> > > with that machine.
> >> >> >> >> >> > >
> >> >> >> >> >> > > The problem is with the second machine.  The upgrade went
> >> >> >> >> >> > > well...but now the AD wizard comes up and wants to make
> >> >> >> >> >> > > the machine a member server or a domain controller.  When
> >> >> >> >> >> > > I choose to make it a member server I get a prompt asking
> >> >> >> >> >> > > for a username, password and domain of an account that has
> >> >> >> >> >> > > privileges to do so.   At this point I have tried about
> >> >> >> >> >> > > every account possible, and I get an error stating it
> >> >> >> >> >> > > can't find the domain.
> >> >> >> >> >> > >
> >> >> >> >> >> > > If I choose to make it a domain controller, it comes back
> >> >> >> >> >> > > and states that the PDC of the domain hasn't been upgraded
> >> >> >> >> >> > > to w2k and to upgrade it first.  Well...did that but it's
> >> >> >> >> >> > > not a DC anymore.
> >> >> >> >> >> > >
> >> >> >> >> >> > > So...basically I have a W2K machine I need to be a member
> >> >> >> >> >> > > server that is stuck at the AD wizard.  Any ideas?
> >> >> >> >> >> > >
> >> >> >> >> >> > > thanks

