Re: need to rebuild trust relationship b/w domain controllers


From: ptwilliams (ptw2001_at_hotmail.com)
Date: 11/24/04


Date: Wed, 24 Nov 2004 17:52:33 -0000

I'm sorry to hear it all went wrong : (

When you promote a machine the administrator account only exists as a one-off
entry in a cut-down SAM for the Directory Services Restore Mode
(offline AD). This is probably what happened with the accounts.

There are ways to reset the passwords, but you've already deleted the
account now, so maybe next time...

-- 
Paul Williams
http://www.msresource.net
http://forums.msresource.net
"Gary Roach" <jgroach@NOSPAMcogeco.ca> wrote in message 
news:%23LCwGL0yEHA.3908@TK2MSFTNGP12.phx.gbl...
Thanks for the advice - I wish I could try it, but in the meantime I tried
booting with the "last known good configuration". Apparently this had a temporary
administrator password (perhaps set by the dcpromo program) because now I
can't log on. It seems the only way to reset the password (I had no other
administrator accounts set up except the "administrator" account) is to do a
complete re-install. Good thing this is just an experiment, because the whole
thing has gone horribly wrong!
"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:uw6h2rmyEHA.824@TK2MSFTNGP11.phx.gbl...
> Try this instead, it's less confusing with regards to which credential
> flags
> to use:
>
> nltest /sc_reset:domainName.com
>
>
> If you are not interactively logged onto the server, use the /server
> parameter to stipulate which server to reset the channel on.
>
> Obviously, if you do not wish to reset the channel, you can use the
> /sc_change_pwd:domainName parameter instead.
>
> -- 
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
>
>
> "Gary Roach" <jgroach@NOSPAMcogeco.ca> wrote in message
> news:%234TwtukyEHA.3120@TK2MSFTNGP12.phx.gbl...
> Thanks for the reply. I tried using netdom resetpwd on the old BDC that's
> giving the problem. When I use
>
> The parameter Domain was unexpected.
>
> netdom resetpwd /server:<pdc> /userd:ntdomain\administrator /passwordd:*
>
> I get:
>
> Parameter /Domain is required for this operation
>
> When I try:
>
> netdom resetpwd /domain:ntdomain /server:<pdc>
> /userd:ntdomain\administrator
> /passwordd:*
>
> I get:
>
> The parameter Domain was unexpected.
>
>
> Sounds like the system doesn't know if the upgraded BDC is in a domain or
> not. (Or maybe I just can't do it from Directory Services Restore Mode,
> which is the only mode I can use since I can't boot into normal mode.)
>
> This is just a test - I read that this is the correct way to upgrade an NT
> domain to Windows Server 2003. I'm glad I ran this test because it seems
> there's a problem upgrading BDCs. Maybe a better way is to take the BDCs
> out of the domain before anything is upgraded, then upgrade the PDC in
> order to convert the SAM to AD and retain whatever resources need keeping,
> and then do clean reinstalls on the BDCs and rejoin them to the new AD
> domain. Any thoughts?
>
>
> "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@usw-consulting.com> wrote in
> message news:e0Z3R0OyEHA.1564@TK2MSFTNGP09.phx.gbl...
>> "Gary Roach" <jgroach@NOSPAMcogeco.ca> wrote in message
>> news:jgroach@NOSPAMcogeco.ca:
>>>
>>> The computer BDC tried to connect to the server PDC using the trust
>>> relationship established by the NTDOMAIN domain. However, the computer
>>> lost
>>> the correct security identifier (SID) when the domain was reconfigured.
>>> Reestablish the trust relationship.
>>>
>>> This SID must have been lost when the BDC was upgraded, because after the
>>> PDC
>>> was upgraded the BDC worked fine and I could run Server Manager on it
>>> and
>>> see both machines. Now my question is: how do I reestablish the trust
>>> relationship?
>>
>> Hello Gary,
>>
>> The event is not talking about a trust relationship between domains,
>> it's talking about the secure channel between the computer and the
>> domain.
>>
>> You should be able to reset the computer with its account by using the
>> command "netdom resetpwd".
>>
>> -- 
>> Greetings - Sincerely,
>>
>> Ulf B. Simon-Weidner
>>
>>  MVP-Book "Windows XP - Die Expertentipps":  http://tinyurl.com/44zcz
>>  Weblog: http://msmvps.org/UlfBSimonWeidner
>>  WebSite: http://www.windowsserverfaq.org
>
>
>
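The check-then-reset flow the thread walks through by hand (nltest /sc_query, then /sc_reset or netdom resetpwd only if the channel is actually broken) as an added PowerShell example; this is not code from the thread or from Microsoft, the function name and its parameters are assumed, and it relies on the Test-ComputerSecureChannel cmdlet that exists in Windows PowerShell 2.0 and later rather than on the 2004-era tools discussed above.

```powershell
# Added example: verify the local computer's secure channel to its domain
# and reset the computer account password only when the check fails.
function Repair-SecureChannelIfBroken {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Domain controller to validate against (assumed parameter). Note the
        # difference from the thread's "nltest /server": there it names the
        # machine whose channel is reset; here it names the DC to talk to.
        [string]$DomainController,
        # Account allowed to reset the computer account password (assumed).
        [System.Management.Automation.PSCredential]$Credential
    )

    $args = @{}
    if ($DomainController) { $args['Server'] = $DomainController }

    # Equivalent of "nltest /sc_query:<domain>": returns $true when the
    # secure channel (not a domain trust, as Ulf points out) is healthy.
    $healthy = Test-ComputerSecureChannel @args
    $result = [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Domain   = $env:USERDOMAIN
        Healthy  = $healthy
        Repaired = $false
    }
    if ($healthy) {
        Write-Verbose "Secure channel to $($result.Domain) is intact; nothing to do."
        return $result
    }

    if ($Credential) { $args['Credential'] = $Credential }

    # -Repair resets the computer account password on the DC and locally,
    # the same effect as "nltest /sc_reset" or "netdom resetpwd". Gated
    # behind ShouldProcess so -WhatIf shows the action without taking it.
    if ($PSCmdlet.ShouldProcess($result.Computer, 'Reset computer account password')) {
        $result.Repaired = Test-ComputerSecureChannel -Repair @args
        $result.Healthy  = $result.Repaired
    }
    return $result
}

# Usage (run elevated on the affected machine):
#   Repair-SecureChannelIfBroken -DomainController dc1.domainName.com -Verbose -WhatIf
#   Repair-SecureChannelIfBroken -Credential (Get-Credential) -Verbose
```

Test-ComputerSecureChannel targets the computer it runs on; for a domain controller the netdom resetpwd path described in the thread remains the documented route.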

