Re: NT4 Server box fails to logon in upgraded AD Domain

From: Manos Anastasiadis (am_at_isc.tuc.gr)
Date: 08/16/04


Date: Mon, 16 Aug 2004 12:37:23 +0300

Hi all,

After failing to connect from MAIL to our AD domain,
even when using a manually created LMHOSTS file
explicitly stating the domain and DC as stated in
http://support.microsoft.com/default.aspx?scid=kb;EN-US;180094
I tried digging a bit more into the net, where I discovered
an article regarding a feature I was not aware of:
by default, netlogon automatically resets computer
account passwords every 7 days
(see http://www.serverwatch.com/tutorials/article.php/1476611).
Note: our NT DCs allow this automatic reset
since the registry value 'RefusePasswordChange' in
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
has the value of 0 (DWORD).

Since the off-line upgrade of the NT4 domain to AD
took place about 3 weeks ago, it seems like the
failure to connect to the new domain is caused by
the "computer-account password-reset" feature,
since the AD domain probably contains an out-of-date
password for the specified computer (and I guess
for any other member of the domain).

So my next question is:
Is it "safe" (whatever this may mean) to reset the
computer password to, say, the default
(%computername%$) or anything else in both domains
so I can continue with testing the migration process
with the ExDeploy tool but still be able to re-plug the
MAIL computer to the original NT domain
(which still is our on-line 'production' environment)?

TIA again,

-------------------------
Manos Anastasiadis
Systems Engineer