Re: reestablish trust relationship



In news:F414ABDD-7D9E-488E-B774-9AD4A132E848@xxxxxxxxxxxxx,
Skip <Skip@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I then commented on
below:
> I recently reconfigured a new DC (the old one was removed) with a new
> domain. I now have a workstation that has issues when accessing this
> new server/domain. Apparently the trust relationship is lost due to
> SID issues.
>
> The workstation event log tells me that it lost the correct SID when
> the domain was reconfigured.
>
> How do I reestablish this trust?

The workstation would need to be disjoined, then rejoined to the domain. But
you will need to deal with your users' lost profiles.

I am assuming "reconfigured" means you rebuilt it from scratch and you
renamed the new domain controller the same exact domain and machine name as
the old one. Intra-forest trusts between DCs and/or member machines (joined
clients) are not based on the computer name, but rather the Kerberos Service
Principal Name (SPN, which is based on the FQDN) and the initial trust
established that utilizes the machine's SID for identification purposes to
authenticate any communications between the machines. If you rebuilt the DC
from scratch, a totally new domain, along with new SIDs, was created.

I hope that helps.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
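
The following is an added example, not part of the original post: a read-only Windows PowerShell inventory to run elevated on the workstation before the disjoin/rejoin described above. It shows whether the secure channel still validates and which local profiles belong to account SIDs that no longer resolve (the profiles that will be "lost"). The report's column names are chosen here for illustration.

```powershell
# Added example (not from the original post). Read-only; changes nothing.
# Requires Windows PowerShell 3.0 or later, run as a local administrator.

# Does the machine account's secure channel to a domain controller validate?
try   { $channelOk = Test-ComputerSecureChannel -ErrorAction Stop }
catch { $channelOk = $false }   # no DC reachable, or no usable machine account

$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$report = Get-ChildItem $key |
    # Keep account SIDs only: S-1-5-21-<three domain sub-authorities>-<RID>.
    # This skips service profiles (S-1-5-18 etc.) and leftover "<SID>.bak" keys.
    Where-Object { $_.PSChildName -match '^S-1-5-21(-\d+){4}$' } |
    ForEach-Object {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($_.PSChildName)
        try {
            # Succeeds for local accounts and for domain accounts that still exist.
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $null   # the SID cannot be mapped to any account
        }
        [pscustomobject]@{
            DomainSid   = $sid.AccountDomainSid.Value   # SID minus the trailing RID
            Sid         = $sid.Value
            Account     = $name
            Orphaned    = ($null -eq $name)
            ProfilePath = $_.GetValue('ProfileImagePath')
        }
    }

"Secure channel valid: $channelOk"
$report | Sort-Object DomainSid, Sid | Format-Table -AutoSize
```

Rows sharing a `DomainSid` came from the same domain or from the local machine. Run it again after the rejoin: rows that are still `Orphaned` are profiles created under the old domain's SIDs, so users logging on with accounts from the new domain will get fresh profiles unless those are migrated.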

