RE: Trust Relationship Between 2 Domains
- From: Barazi Fuente <BaraziFuente@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 May 2006 03:57:02 -0700
Hi Vincent
Thank you for your reply, but I have already tried to reset the account and
this has not worked. Isn't there another way as by resetting the account I
will need to rejoin the PC to the domain. How can I achieve this on the
Domain controllers?
Thank you Imran
"Vincent Xu [MSFT]" wrote:
Hi,.
Actually, I suggest you to reset computer account.
320187 HOW TO: Manage Computer Accounts in Active Directory in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;320187
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================
--------------------
<BaraziFuente@xxxxxxxxxxxxxxxxxxxxxxxxx>Thread-Topic: Trust Relationship Between 2 Domains
thread-index: AcZ00yQ6Z9ZuhuDNTkSIrmTrBOYw3Q==
X-WBNR-Posting-Host: 217.158.191.82
From: =?Utf-8?B?QmFyYXppIEZ1ZW50ZQ==?=
<WTdSqrKdGHA.5024@xxxxxxxxxxxxxxxxxxxxx>References: <D9CC0B92-3132-4637-8FAD-E22D30CA1E03@xxxxxxxxxxxxx>
microsoft.public.windows.server.migration:23677Subject: RE: Trust Relationship Between 2 Domains
Date: Thu, 11 May 2006 01:16:02 -0700
Lines: 153
Message-ID: <EAB52A09-1480-4478-9B39-E783AF528F95@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
theNNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Hi Vincent
Thank you for your reply, but the problem is not with just one PC but
several, i.e. 500 workstations and 18 servers, how could I possibly reset
incomputer accounts and rejoin the domain on Domain Controllers, Exchange
Servers, DNS Servers etc. Isn't there another way or at least a method
Operatorswhich I can update all the PC's automatically, without having the need to
rejoin the PC's one by one.
Thank you
Barazi
"Vincent Xu [MSFT]" wrote:
Hi,
It appears to be the computer account corrupt. You can try to reset the
computer account.
To perform this procedure, you must be a member of the Account
Activegroup, the Domain Admins group, or the Enterprise Admins group in
As aDirectory, or you must have been delegated the appropriate authority.
procedure. 1.security best practice, consider using Run as to perform this
thenClick Start , point to Programs , point to Administrative Tools , and
clickclick Active Directory Users and Computers .
2. In the console tree, under the domain node, click Computers , or
athe folder in which the computer is located.
3. In the details pane, right-click the computer, and then click Reset
Account . NOTE : Resetting a computer account breaks that computer's
connection to the domain and requires it to rejoin the domain.
To reset a computer account using a command line, type the following at
2000command prompt, and then press ENTER
dsmod computer ComputerDN -reset
320187 HOW TO: Manage Computer Accounts in Active Directory in Windows
sohttp://support.microsoft.com/default.aspx?scid=kb;EN-US;320187
Best regards,
Vincent Xu
Microsoft Online Partner Support
======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader
rights.that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no
AD======================================================
--------------------
Fuente@xxxxxxxxxxxxxxxxxxxxxxxxx>Thread-Topic: Trust Relationship Between 2 Domains
thread-index: AcZ0JBlvZegG2m8DRdyFQa81IRPgGA==
X-WBNR-Posting-Host: 217.158.191.82
From: =?Utf-8?B?QmFyYXppIEZ1ZW50ZQ==?= <Barazi
microsoft.public.windows.server.migration:23661Subject: Trust Relationship Between 2 Domains
Date: Wed, 10 May 2006 04:23:02 -0700
Lines: 54
Message-ID: <D9CC0B92-3132-4637-8FAD-E22D30CA1E03@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.migration
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.migration
Hello
BACKGROUND
We have 2 domains setup at the site. Domain A was upgraded from NT to
was2003 and Domain B at the time remained as NT. A trust relationship
B.setup
between the 2 domains for users to access resources from Domain A &
to beThis
has been working very well.
Domain B was then migrated to AD 2003 also. The server was upgraded
part of the Forest of Domain A. In the Forest is Domain A & Domain B.
usersSeeing
Domain B was upgraded, the trust relationships were inherited as:
TRUST TYPE: Tree Root
TRANSITIVE: Yes
Incoming and Outgoing in Domain A and Domain B.
All the security and Share permissions were set in Domain A & B so
notfrom both domains have access.
PROBLEMS
The first problems I noticed was that the DNS servers in Domain A did
thecontain all the server details of Domain B, however I could see all
topology.DNS
servers of Domain B in Domain B. I checked all the replication
theEverything is being replicated without any errors to all servers in
resources inForest.
What I found strange was that users in Domain B could access
accessDomain A without any problems, however users in Domain A could not
userany
resources in Domain B. A dialog box would always appear asking the
Domainto
put in a username and password. Even though the user puts in the
isAdmin username and password of Domain B, the user still gets Access
differencesserversDenied. The user account works perfectly fine when logging onto any
successfullyand workstations in Domain B.
Recently I found 1 user in Domain A who could access resources
to domains A & B. After being unsuccessful in finding any
resolveswith
account.his PC and problem PC's as the issue was with the computer not user
TEMPRORARY SOLUTION
I decided to re-join a problem PC back into Domain A and this
domainsthe
problem. The computer can successfully browse resources in both
theregarding the correct security permissions have been set.
WHAT SHOULD I DO?
Unfortunately I cannot rejoin all the workstations from Domain A as
foretc...problem is also with the servers, including DC's, DNS, WINS, EXCHANGE
There has got to be another way. Why do I have to rejoin the PC's
thethem
to work. Is there another way I can achieve my goal. I'm sure all
DNS
entries will appear once this is done. Can you please help?
Thank you
Barazi
- Follow-Ups:
- Re: Trust Relationship Between 2 Domains
- From: Don Wilwol
- Re: Trust Relationship Between 2 Domains
- References:
- RE: Trust Relationship Between 2 Domains
- From: Vincent Xu [MSFT]
- RE: Trust Relationship Between 2 Domains
- From: Barazi Fuente
- RE: Trust Relationship Between 2 Domains
- From: Vincent Xu [MSFT]
- RE: Trust Relationship Between 2 Domains
- Prev by Date: Re: Strange problems with ADMT Help needed urgently
- Next by Date: Re: Domain upgrade from NT 4.0 to 2003
- Previous by thread: RE: Trust Relationship Between 2 Domains
- Next by thread: Re: Trust Relationship Between 2 Domains
- Index(es):
Relevant Pages
|
