Solved

Bring a computer to a domain preserving documents and settings or Reestablish the trust relationship.

Posted on 2003-11-19
7
525 Views
Last Modified: 2010-04-14
Situation:
----------

1) Customer with a w2k server domain (with exchange) with about 10 client PCs (W98, W2K Pro, WXP).

2) Customer decided to reinstall the w2k server from scratch. He decided to manually create users and computers directly in the server, mantaining previous names hopping that all be quite transparent.

3) Here is when I come to this customer.

4) When turning on the PCs I noticed that they could log on the user (i.e. the server actually granted access to the server to this user) although the PC is not recognized (computer asset in AD ?)

5) I tried to "demote" this client PC to a workgroup and afterwards joined the domain. It worked but I noticed that it created a new profile, thus losing documents and settings etc.. In fact I even noticed that the name of the new domain is not quite the same as it were.

6) If I do not do step 5) almost everything works although the client workstations don't see each other. By the way the event viewer found a netlogon error 5513 that says:

The computer PCNAME tried to connect to the server \\SERVERNAME using the trust relationship established by the SERVER_SRV domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

7) How to Reestablish the trust relationship.

Thanks in advance
0
Comment
Question by:pfsilva
  • 3
  • 2
7 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 9778133
The reinstallation created a completely new domain with completely new users; it doesn't matter if the names are still the same.
Your users are currently logging in with locally cached credentials.
You will have to rejoin all W2k/XP machines to the domain (your step 5); that will take care of the "lost trust relationship" On your Win98 clients, you only have to adjust the NetBIOS domain name to validate against  (if that name was changed).
For the old profiles to work, it is not enough to simply copy the old profile over the new ones; the new user will not have access to the old registry. Do the following:
Logon as the new domain user whose profile you want to restore; that will create the new profile folder.
Log off, log back on as administrator.
Open Explorer, go to the user's new profile; back up any new files that might have been created, then delete everything in the user's new profile folder, but leave the folder.
If necessary, take ownership of the user's old profile folder.

HOW TO: Take Ownership of a File or Folder in Windows XP
http://support.microsoft.com/?kbid=308421

Copy everything from the old profile folder into the new profile folder using Explorer. Then use "Method III" (editing the registry) in the article below to give the new domain user full access to the registry (ntuser.dat). You can remove the old user's SID entry there as well.

How to Update Permissions for User Profiles
http://support.microsoft.com/?kbid=156697
0
 
LVL 4

Accepted Solution

by:
Vinnnnie earned 250 total points
ID: 9779648
Create a Trust for each PC by doing the following. This works for me everytime!

Go to Active Directory Sites and Users
Go to Computers and Delete all the ones in question. Don't delete the ones that are currently in use.
Logon to one of the PCs as Admin for the local PC
Right-click my computer and then click Properties
Go to Network Identification and click Properties where it says "To rename this computer or join a domain, click properties."
When you do that, Type the name of the PC (Make sure they are unique) and type the name of the domain.
When you click okay, it should ask for a domain name and password. Use the one for the person using the PC.
When you click okay, it should say, "Welcome to XXX Domain"

That is the way to re-eastablish the trust between the domain and client PCs.
0
 
LVL 4

Expert Comment

by:Vinnnnie
ID: 9779658
Oh, Make sure all the Client PCs are in the same workgroup
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:pfsilva
ID: 9780385
Vinnnnie,
Do you mean that when I join the local PC to a domain and if I use name/password for the person using the PC instead of Domain Admin Name/password I should recover all "Documents and Settings"? Including OUTLOOK.OST / .PST files? Should this user be given special rights (domain admin, ...) or domain user is sufficient ?

Thanks in advance,

Pedro
0
 
LVL 4

Expert Comment

by:Vinnnnie
ID: 9780466
Yes, login as the local user and then see if all their settings are there. If they are make sure the user has Admin Rights (I would do it temporarily) and then take it off when you re-join the domain. Domain User will not be suffecient unless you add Admin to Domain Users (somehow) but I would just add them to Domain Admins for now. I just did this yesterday and it worked for me.
0
 

Author Comment

by:pfsilva
ID: 10917453
Sorry for the delay in closing this item.
Thanks Vinnnnie
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Migrate DHCP from server 2000 to 2008 1 625
Windows 2000  Domain controller 3 497
Video card with drivers for Windows 2000 8 146
Windows 2000 48-bit LBA 13 18
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Employees depend heavily on their PCs, and new threats like ransomware make it even more critical to protect their important data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now