BYRONJACKSON
asked on
BDC > PDC TRANSFER PROBLEMS
Hi
We have a Windows NT 4 Domain and have recently transfered over the BDC PDC roles on new machines. The PDC was working correctly the BDC was rebuilt from scratch. The PDC and BDC were syncronised and the the BDC was promoted to PDC. Now errors all appeared well - BDC and PDC could see each other in the respective server managers. Users could log into the network.
First we knew of a problem is that 2 users cannot reset their respective passwords - checking on the new PDC logs no errors. Accounts can be created but no looged into - PDC appears to be readonly.... We also disable an account and the user can still log in - although the PDC in its opinion has locked out the account (security log) Help.... as staff are requested to change passwords we will lose them from the domain.
Byron
We have a Windows NT 4 Domain and have recently transfered over the BDC PDC roles on new machines. The PDC was working correctly the BDC was rebuilt from scratch. The PDC and BDC were syncronised and the the BDC was promoted to PDC. Now errors all appeared well - BDC and PDC could see each other in the respective server managers. Users could log into the network.
First we knew of a problem is that 2 users cannot reset their respective passwords - checking on the new PDC logs no errors. Accounts can be created but no looged into - PDC appears to be readonly.... We also disable an account and the user can still log in - although the PDC in its opinion has locked out the account (security log) Help.... as staff are requested to change passwords we will lose them from the domain.
Byron
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are you running WINS?
If a WINS server finds out about a name mapping from a replication partner, and that replication partner goes away, then the WINS mapping sticks around.
Look over the WINS database too.
If a WINS server finds out about a name mapping from a replication partner, and that replication partner goes away, then the WINS mapping sticks around.
Look over the WINS database too.
if you promote the old PDC back to PDC, will the problem stay?
cheers
cheers
ASKER
In answer to all we utilise WINS (W2K) the entries for these machines are static and no changes made to IP addressing promotion of the old PDC had the same problem - Still in read only mode. Again tried to force the issue using the usual registry keys to no avail.
Thanks for the response
Byron
Thanks for the response
Byron
did you have auditing on before you checked the Security Log??,
cheers
cheers
ASKER
Hi auditing was on - one of the strange things is that users already in existance - when disabled are able to log in - however the security log states the account had been locked out.
Byron
Byron
It sounds like they are using cached credentials or the BDC is authenticating them. The PDC sees the change in security, but the changes aren't getting replicated to the BDC.
ASKER
I have given points to Averyb and Magus123 as they assisted the most - problems were resolved it appeared that we had somehow corrupted our transfer - we brought up another offline reserve BDC and promoted it against the new box - one we switched roles again all appeared to be well - Thanks to all who contributed.
Byron
Byron
ASKER
Changes appeared to have carried across and all appeared well on the service. I have checked the usual cfg file recreated and still no joy. Hasve checked te registry secuirty keys set to 3 and 2 for PDC/BDC and master browser for the PDC - TRUE. I have a little time as my users are currently blissfully unaware of the problem - yet! I wil get back to you once I have tried the above.
Thanks for the response