Solved

Re-establishing Trust Relationships in AD

Posted on 2007-04-08
Last Modified: 2008-05-30
How do you re-establish trust relationships if AD was reinstalled?
Question by:Marshalk

Expert Comment

by:LauraEHunterMVP
Can you elaborate further on the situation that you are trying to resolve?

[1] What do you mean by "AD was reinstalled"?  Did you lose a single DC in the forest root domain? In a child domain? Did you lose the only DC in your environment?  Please describe your current environment in more detail.

[2] What sort of trust relationships are you trying to re-establish? Again, more details on your current environment would be helpful, as well as a description of the problem you are encountering or error message that you are receiving.

Author Comment

by:Marshalk
I was running a 2000 SERVER as the AD PDC.  I also had a 2003 SERVER running AD as a child.  The 2003 PC died and when I rebuilt it, I could not add it back into the domain because it was never demoted before it died.  After reading about the ways to physically demote a DC, I decided to just rebuild the PDC (it is fairly old and had a few other dead DCs in there).  I demoted the PDC, removed AD and then reinstalled it as a PDC with AD.  I then rebuilt the 2003 server and added it to the domain as a child.  Once I was done, I realized that all my Windows XP Pro boxes (6) will not properly log in because they are members of the old domain.  To re-establish them in the new domain I have to remove them then re-add them.  This is a problem because their profiles are huge and I don't want the desktops to change.  I wanted to know if there is a way to do this without losing info on all the desktops and end up with a corrected network.

Expert Comment

by:LauraEHunterMVP
Unfortunately there is not a way to do what you are suggesting.  You have created a completely new Active Directory environment, which means that your workstations need to be removed from the old domain and added to the new domain.  You will need to do this even if you have given the old and the new domains the same name.

The only way to avoid dropping and re-adding the workstations to the new domain would be to restore the 2000 domain controller from a system state backup of the old domain, if you have one available. You can then remove references to any failed DCs using the steps listed in this KB: http://support.microsoft.com/kb/216498

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking

Author Comment

by:Marshalk
Is there a way to minimize the effects of this on the workstation's desktops?  They are very tweaked!

Accepted Solution

by:LauraEHunterMVP (earned 250 total points)
1. Create a local account called migrate and log on with this account once to create a "shell" profile. Log onto the workstation as a local admin - must be a different account than the migrate local account.

2. Go to the System applet in Control Panel. Under User Profiles copy the profile for OldDomain\UserA to the migrate account.

3. Switch the domain membership of the PC.  (Order is important, Step 2 must be done first.)

4. Log onto the new domain as NewDomain\UserA to establish a "shell" profile.

5. Log out, then log back onto the workstation as a local admin. Go back to the System applet and copy the profile for the migrate local account to NewDomain\UserA.
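
To check the state of a workstation around the steps above, the profiles registered on it can be listed from the `ProfileList` registry key together with the account each SID resolves to. The PowerShell script below is an added example, not part of the original answer; it assumes PowerShell 2.0 or later is installed on the workstation and that it is run as a local administrator.

```powershell
# Added example: inventory the user profiles registered on this workstation
# and show which account (if any) each profile SID resolves to.
# Assumption: PowerShell 2.0 or later, run as a local administrator.

$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Resolve-ProfileSid {
    param([string]$Sid)
    # Translate the SID to DOMAIN\user. SIDs issued by a domain the
    # workstation can no longer reach do not resolve, so Translate() throws.
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $null
    }
}

function Get-ProfileInventory {
    # Each subkey of ProfileList is named after the SID that owns the profile.
    Get-ChildItem -Path $profileList | ForEach-Object {
        $sid     = $_.PSChildName
        $path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        $account = Resolve-ProfileSid -Sid $sid
        New-Object PSObject -Property @{
            Sid        = $sid
            Account    = $(if ($account) { $account } else { '<unresolved>' })
            Path       = $path
            PathExists = [bool]($path -and (Test-Path -LiteralPath $path))
        }
    }
}

Get-ProfileInventory |
    Select-Object Account, Sid, Path, PathExists |
    Format-Table -AutoSize
```

An entry shown as `<unresolved>` is a profile whose owning SID cannot be translated, which is expected for accounts of a domain the workstation can no longer reach. After step 5, NewDomain\UserA should appear with its own SID and an existing profile path.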