
BDC > PDC TRANSFER PROBLEMS

Posted on 2004-04-28
Last Modified: 2013-12-28
Hi

We have a Windows NT 4 domain and have recently transferred over the BDC/PDC roles on new machines. The PDC was working correctly; the BDC was rebuilt from scratch. The PDC and BDC were synchronised and the BDC was promoted to PDC. No errors - all appeared well - BDC and PDC could see each other in the respective server managers. Users could log into the network.

First we knew of a problem is that 2 users cannot reset their respective passwords - checking on the new PDC logs, no errors. Accounts can be created but not logged into - PDC appears to be read-only.... We also disabled an account and the user can still log in - although the PDC in its opinion has locked out the account (security log). Help.... as staff are requested to change passwords we will lose them from the domain.

Byron
0
Question by:BYRONJACKSON
10 Comments
 
LVL 4

Assisted Solution

by:averyb
averyb earned 750 total points
ID: 10942155
Tell me exactly how you installed the new domain controller.  Did you change machine name or IP address?

It sounds like you have two different domains, but both have the same name.

Download pstools v2.01 from sysinternals.com.  It has a command line tool called psGetSid.  This will let you compare the SIDs for each domain.  Run it on the PDC and BDC.  Post the results back here.



0
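As an added example (not part of averyb's post or of PsTools): one way to compare the SIDs that psGetSid reports on the two controllers once the output has been saved. The sample outputs, host names and SID values below are constructed, and the script assumes each controller reports a SID of the form S-1-5-21-...

```python
import re

# Constructed sample output: a "SID for \\HOST:" line followed by the SID.
# Host names and SID values are made up for illustration.
PDC_OUTPUT = r"""
SID for \\NEWPDC:
S-1-5-21-1111111111-2222222222-3333333333
"""
BDC_OUTPUT = r"""
SID for \\OLDBDC:
S-1-5-21-1111111111-2222222222-4444444444
"""

# Domain SID: S-1-5-21 plus three sub-authorities; a fourth number is a RID.
SID_RE = re.compile(r"^S-1-5-21(?:-\d+){3,4}$")


def extract_sid(output):
    """Return the first S-1-5-21-... SID found in saved tool output."""
    for line in output.splitlines():
        line = line.strip()
        if SID_RE.match(line):
            return line
    raise ValueError("no S-1-5-21 SID found in output")


def domain_part(sid):
    """Drop a trailing RID so an account SID compares equal to its domain SID."""
    # Fields: S, 1, 5, 21, a, b, c (7 fields); an 8th field is the RID.
    return "-".join(sid.split("-")[:7])


def same_domain(output_a, output_b):
    """True when both outputs carry the same domain identifier."""
    return domain_part(extract_sid(output_a)) == domain_part(extract_sid(output_b))


if __name__ == "__main__":
    if same_domain(PDC_OUTPUT, BDC_OUTPUT):
        print("Same domain SID on both controllers")
    else:
        print("MISMATCH: controllers report different domain SIDs")
        print("  PDC:", domain_part(extract_sid(PDC_OUTPUT)))
        print("  BDC:", domain_part(extract_sid(BDC_OUTPUT)))
```

A mismatch is the "two different domains with the same name" case described in the post above.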
 
LVL 7

Accepted Solution

by:
magus123 earned 750 total points
ID: 10942231
After looking at other posts, it seems that sometimes it takes several minutes or hours for the BDC or PDC to update properly.

Also, reading other posts, it seems when you add a service or other major change in NT, you must reapply the latest service pack, which is SP6a. Did you have a service pack applied on both the PDC and BDC when you promoted? Having the same service pack on both servers can make a world of difference.

Here's where I got it from:
http://www.experts-exchange.com/Operating_Systems/WinNT/Q_20936248.html

Can synchronization help your problem? Maybe settings haven't been updated: http://seamonkey.ed.asu.edu/~alex/computer/windows/sync.html
0
 

Author Comment

by:BYRONJACKSON
ID: 10943914
OK - Thanks for the above, not quite sure what is going on to be honest... In answer to AveryB and Magus123: I had a PDC and BDC; the BDC was sick, so a new server was built and introduced to the network as BDC, and synchronised OK.  I then (because this machine was higher spec) promoted it via the old PDC, and the old PDC was left in situ in its BDC state. Both OS were NT4 SP6a prior to the switch being made and the sync took place with no errors.  The test users created are replicated; however, on a logon attempt the user is not known - however the PDC event log shows nothing. Existing users that are disabled are able to log in - however the security log shows them as having been denied access.

Changes appeared to have carried across and all appeared well on the service. I have checked the usual cfg file, recreated it, and still no joy. Have checked the registry security keys, set to 3 and 2 for PDC/BDC, and master browser for the PDC - TRUE.   I have a little time as my users are currently blissfully unaware of the problem - yet!  I will get back to you once I have tried the above.

Thanks for the response
0
 
LVL 4

Expert Comment

by:averyb
ID: 10944060
Are you running WINS?

If a WINS server finds out about a name mapping from a replication partner, and that replication partner goes away, then the WINS mapping sticks around.

Look over the WINS database too.
0
 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 10944319
if you promote the old PDC back to PDC, will the problem stay?


cheers
0
 

Author Comment

by:BYRONJACKSON
ID: 10946848
In answer to all: we utilise WINS (W2K), the entries for these machines are static, and no changes were made to IP addressing. Promotion of the old PDC had the same problem - still in read-only mode.  Again tried to force the issue using the usual registry keys, to no avail.

Thanks for the response

Byron
0
 
LVL 16

Expert Comment

by:ahmedbahgat
ID: 10947169
Did you have auditing on before you checked the Security Log?

cheers
0
 

Author Comment

by:BYRONJACKSON
ID: 10947372
Hi, auditing was on - one of the strange things is that users already in existence, when disabled, are able to log in - however the security log states the account had been locked out.

Byron
0
 
LVL 4

Expert Comment

by:averyb
ID: 10948248
It sounds like they are using cached credentials or the BDC is authenticating them.  The PDC sees the change in security, but the changes aren't getting replicated to the BDC.
0
 

Author Comment

by:BYRONJACKSON
ID: 11003081
I have given points to Averyb and Magus123 as they assisted the most - problems were resolved. It appeared that we had somehow corrupted our transfer - we brought up another offline reserve BDC and promoted it against the new box - once we switched roles again all appeared to be well - Thanks to all who contributed.

Byron
0
