Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1142
  • Last Modified:

BDC > PDC TRANSFER PROBLEMS

Hi

We have a Windows NT 4 Domain and have recently transfered over the BDC PDC roles on new machines.  The PDC was working correctly the BDC was rebuilt from scratch.  The PDC and BDC were syncronised and the the BDC was promoted to PDC.  Now errors all appeared well - BDC and PDC could see each other in the respective server managers.  Users could log into the network.

First we knew of a problem is that 2 users cannot reset their respective passwords - checking on the new PDC logs no errors.  Accounts can be created but no looged into - PDC appears to be readonly.... We also disable an account and the user can still log in - although the PDC in its opinion has locked out the account (security log) Help.... as staff are requested to change passwords we will lose them from the domain.

Byron
0
BYRONJACKSON
Asked:
BYRONJACKSON
  • 4
  • 3
  • 2
  • +1
2 Solutions
 
averybCommented:
Tell me exactly how you installed the new domain controller.  Did you change machine name or IP address.

It sounds like you have two different domains, but both have the same name.

Download pstools v2.01 from sysinternals.com.  It has a command line tool called psGetSid.  This will let you compare the SIDS for each domain.  Run it on the PDC and BDC.  Post the results back here.



0
 
magus123Commented:
after looking at other posts ,

it seems that sometimes it takes several minutes or hours  for the
bdc or pdc to update properly.

also reading other posts it seems when you add a  service or other
major change in  NT , you must reapply the latest service pack
which is  SP6a. did you have a service pack applied on both the pdc
and bdc when you promoted. having the same service back on both
servers can make a world of difference.

heres where i got it from
http://www.experts-exchange.com/Operating_Systems/WinNT/Q_20936248.html

can synchronization help your problem
maybe settings havent been updated http://seamonkey.ed.asu.edu/~alex/computer/windows/sync.html
0
 
BYRONJACKSONAuthor Commented:
OK - Thanks for the above not quite sure what is going on to be honest... In answer to AveryB and Magus123 I had PDC and BDC the BDC was sick so a new server was built and introduced to the network as BDC syncronised OK.  I then (because this machine was higher spec) promoted it via the old PDC and the old PDC was left in situi in its BDC state. Both OS were NT4 SP6a prior to the switch being made and the Sync took place with no errors.  The test users created are replicated however on a log on attempt the user is not known - however the PDC event log shows nothing. Existing users that are disable are able to log in - however the security log shows them as haviing been denied access..

Changes appeared to have carried across and all appeared well on the service. I have checked the usual cfg file recreated and still no joy. Hasve checked te registry secuirty keys set to 3 and 2 for PDC/BDC and master browser for the PDC - TRUE.   I have a little time as my users are currently blissfully unaware of the problem - yet!  I wil get back to you once I have tried the above.

Thanks for the response
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
averybCommented:
Are you running WINS?

If a WINS server finds out about a name mapping from a replication partner, and that replication partner goes away, then the WINS mapping sticks around.

Look over the WINS database too.
0
 
ahmedbahgatCommented:
if you promote the old PDC back to PDC, will the problem stay?


cheers
0
 
BYRONJACKSONAuthor Commented:
In answer to all we utilise WINS (W2K) the entries for these machines are static and no changes made to IP addressing promotion of the old PDC had the same problem - Still in read only mode.  Again tried to force the issue using the usual registry keys to no avail.

Thanks for the response

Byron
0
 
ahmedbahgatCommented:
did you have auditing on before you checked the Security Log??,

cheers
0
 
BYRONJACKSONAuthor Commented:
Hi auditing was on - one of the strange things is that users already in existance - when disabled are able to log in - however the security log states the account had been locked out.

Byron
0
 
averybCommented:
It sounds like they are using cached credentials or the BDC is authenticating them.  The PDC sees the change in security, but the changes aren't getting replicated to the BDC.
0
 
BYRONJACKSONAuthor Commented:
I have given points to Averyb and Magus123 as they assisted the most - problems were resolved it appeared that we had somehow corrupted our transfer - we brought up another offline reserve BDC and promoted it against the new box - one we switched roles again all appeared to be well - Thanks to all who contributed.

Byron
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now