Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Creating Trusts "the Account already Exists"

Posted on 2004-04-06
8
Medium Priority
?
517 Views
Last Modified: 2013-12-23
I am trying to set up a 2 way trust between a Nt4 domain and a win2k domain.

When i try to add the win2k domain to the trusting Domain on the NT4 domain i get the message that "the Account already Exists". this is the only section i have a problem with.

Any Ideas?
0
Comment
Question by:whookie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 1500 total points
ID: 10768080
Account created when a trust relationship is established between two domains. To implement the trust, an interdomain trust account is created in the directory db of the trustED domain. The account is created when the administrator of the trusted domain defines the trusting domain using the admin application User Manager for Domains. The account has the USER_INTERDOMAIN_TRUST_ACCOUNT bit set which identifies it as only used for trust relationships. The account is hidden and cannot be modified. The password and account is used when establishing a session with the trustING domain. The account is only viewable via registry on the PDC of the trustED domain: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Accounts\Users\Names\<trustEDdomainname>$.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 10768104
0
 

Author Comment

by:whookie
ID: 10768491
Usefull information but i don't think it solves my problem. I have no problem setting up the trusted domain entries on both the Win2k and NT4 domains. It is when i try to add the entry for trusting domains on the nt4 domain that i receive my error.

I also looked in the registry keys that you provided and i didn't have any entries deaper that \sam\sam
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 33

Expert Comment

by:MikeKane
ID: 10768523
Perhaps, then, a diagram showing the different domains and the trusts for those domains that you want to setup.  IT would also help me if you specified where trusts already exist and where new ones are to be created.

Thanks
0
 

Author Comment

by:whookie
ID: 10768598
OK here we go.

chc-nt (nt4 Domain) and    Commhealth (win2k Domain) They are both at the same physical location just in different domains.

I want to set up a 2 way trust between these to domains. Making chc-nt a trusted domain to the commhealth domain is working. it is when i try to make CHC-nt a trusting domain that i get the error.
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 10768663
With trusts, I found that it's sometimes easier just to blow away the entire trust and recreate it.      With only 2 domains, that should be pretty easy.    
 

Here are the How-to's I'm sure you already know, but worth double checking:
 (http://support.microsoft.com/default.aspx?scid=kb;en-us;306733&Product=win2000)
 
Create a Two-Way Trust
To create a two-way trust between a Windows 2000 domain and the Windows NT 4.0 domain:
On the Windows 2000 domain controller (DC), click Start, point to Programs, point to Administrative Tools, and then click Active Directory Domains and Trusts. Right-click the appropriate domain name, click Properties, and then click the Trusts tab.
Under Domains that trust this domain, click Add.
In Trusting Domain, type NTDOMAIN, and then type a password. Note that the password must meet the minimum password requirements for the trusting domain.
On the Windows NT 4.0 primary DC (PDC), start User Manager For Domains. Open Policies, and then open Trust Relationships. Under Trusting Domain, click Add.
In Trusting Domain, type W2KDOMAIN, and then type the appropriate password.
On the Windows 2000-based computer, under Domains trusted by this domain on the Trust tab, click Add, type NTDOMAIN and the appropriate password. You should receive an informational message that states "The trusted domain has been added and the trust has been verified."
On the Windows NT 4.0 PDC, add the W2KDOMAIN domain as a trusted domain, and type the appropriate password. You should receive an informational message that states "Trust Relationship with W2KDOMAIN successfully established." The two-way trust has been established.





Also,
http://support.microsoft.com/default.aspx?scid=kb;en-us;309682&Product=win2000

and
http://support.microsoft.com/default.aspx?scid=kb;en-us;228477&Product=win2000
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10789112
Make sure you dont have a computer account already in Active Directory Users and Computers (2000) or Server Manager (NT) that matches the domain controller in the domain you are trying to trust.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10789116
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question