We have a Windows NT 4 Domain and have recently transfered over the BDC PDC roles on new machines. The PDC was working correctly the BDC was rebuilt from scratch. The PDC and BDC were syncronised and the the BDC was promoted to PDC. Now errors all appeared well - BDC and PDC could see each other in the respective server managers. Users could log into the network.
First we knew of a problem is that 2 users cannot reset their respective passwords - checking on the new PDC logs no errors. Accounts can be created but no looged into - PDC appears to be readonly.... We also disable an account and the user can still log in - although the PDC in its opinion has locked out the account (security log) Help.... as staff are requested to change passwords we will lose them from the domain.