Re: reestablishing trust with subdomain
From: Phillip Renouf (PhillipRenouf_at_discussions.microsoft.com)
Date: 09/28/04
Date: Tue, 28 Sep 2004 12:43:07 -0700
You cannot delete/recreate intraforest trusts. If you are having an issue,
you might need to demote the existing sub DC, clean up AD of all references
to the old domain/DC, then repromote the sub DC. This will again create a new
sub.foo.local domain, but once AD is cleaned of the old information then it
should be fine. If you had objects/resources in the sub domain that you need
back at this point you will need to restore from backup.
Phil
"Todd J Heron" wrote:
> Once you demolished your old DC for mysubdc and built a new DC, then ran
> dcpromo again, you built a new domain, and therefore, a netdom /resetpwd
> won't work. You need to rebuild the trust over again from scratch, if I am
> understanding you correctly.
>
> --
> Todd J Heron, MCSE
> Windows 2003/2000/NT
>
> "Gary Roach" <jgroach@NOSPAMcogeco.ca> wrote in message
> news:ODh1e2VpEHA.3396@tk2msftngp13.phx.gbl...
> > I'm running two windows server 2003 machines. one is called mydc and is the
> > only domain controller in the ad-integrated domain called foo.local. the
> > other is called mysubdc and is the only domain controller in the domain
> > sub.foo.local. something went wrong with mysubdc and i reinstalled the os
> > without demoting it or doing anything to indicate on mydc that mysubdc was
> > no longer functional. i then promoted mysubdc back to the domain controller
> > for sub.foo.local. now i get the following error message in mysubdc's event
> > log:
> >
> > The computer mydc tried to connect to the server \\mysubdc using the trust
> > relationship established by the SUB domain. However, the computer lost the
> > correct security identifier (SID) when the domain was reconfigured.
> > Reestablish the trust relationship.
> >
> > i investigated this in the microsoft KB and found this article:
> >
> > http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575#2
> >
> > which describes using netdom to reset machine account passwords. however,
> > when i try to use it on mysubdc with the following command line:
> >
> > netdom /resetpwd /server:mydc.foo.local /userd:foo\adminstrator /passwordd:*
> >
> > i get:
> >
> > The machine account password for the local machine could not be reset.
> >
> > No mapping between account names and security IDs was done.
> >
> > The command failed to complete successfully.
> >
> >
> > the article says:
> >
> > This behavior is also applicable to replication between domain controllers
> > of the same domain. If the domain controllers that are not replicating
> > reside in two different domains, you should inspect the trust relationship
> > more closely.
> >
> > but it doesn't say how to do this. do i have to demote mysubdc and start
> > again or is there an easier way? thanks for any help.
> >
> >
> > --
> > Gary Roach
> > ADB Services
> >
> >
>
>
>
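One way to carry out the "clean up AD of all references to the old domain/DC" step from the reply above, as an added example that is not part of any poster's message: a batch wrapper around ntdsutil's metadata cleanup menu, run on mydc. The server name comes from the thread; the script layout, the `remove` argument and the index values are assumptions for illustration, and the indexes must be read from the listing output before anything is removed.

```bat
@echo off
rem Added example, not from the thread. Run on mydc (the forest root DC, which
rem as the only DC in foo.local holds the domain naming master role) with
rem Enterprise Admin rights, after the broken sub-domain DC has been demoted
rem or taken offline.
setlocal
set ROOTDC=mydc

rem Placeholder indexes (assumption): replace with the numbers that the
rem read-only listing below prints for the site, for sub.foo.local and
rem for the stale mysubdc server object.
set SITE_IDX=0
set DOMAIN_IDX=1
set SERVER_IDX=0

if /i "%~1"=="remove" goto remove

rem Step 1 (default, read-only): list sites and domains with their indexes.
ntdsutil "metadata cleanup" "connections" "connect to server %ROOTDC%" quit ^
  "select operation target" "list sites" "list domains" quit quit quit
echo.
echo Check the indexes above, edit the *_IDX values, then run: %~nx0 remove
goto :eof

:remove
rem Step 2: remove the stale DC object for the old sub-domain controller.
rem ntdsutil asks for confirmation before deleting.
ntdsutil "metadata cleanup" "connections" "connect to server %ROOTDC%" quit ^
  "select operation target" ^
  "list sites" "select site %SITE_IDX%" ^
  "list domains" "select domain %DOMAIN_IDX%" ^
  "list servers for domain in site" "select server %SERVER_IDX%" quit ^
  "remove selected server" quit quit

rem Step 3: with no DCs left in it, remove the orphaned child domain itself.
ntdsutil "metadata cleanup" "connections" "connect to server %ROOTDC%" quit ^
  "select operation target" "list domains" "select domain %DOMAIN_IDX%" quit ^
  "remove selected domain" quit quit

rem Afterwards, remove leftover DNS records for the old DC before running
rem dcpromo on the rebuilt server to create sub.foo.local again.
endlocal
```

Run it once with no argument to see the listings, confirm that the selected domain is the child and not foo.local, and only then run it with `remove`.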