• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 764
  • Last Modified:

Resetablishing Trust relationships in AD

how do you restablish trust relationships if AD was reinstalled?
0
Marshall Kass
Asked:
Marshall Kass
  • 3
  • 2
1 Solution
 
LauraEHunterMVPCommented:
Can you elaborate further on the situation that you are trying to resolve?

[1] What do you mean by "AD was reinstalled"?  Did you lose a single DC in the forest root domain? In a child domain? Did you lose the only DC in your environment?  Please describe your current environment in more detail.

[2] What sort of trust relationships are you trying to re-establish? Again, more details on your current environment would be helpful, as well as a description of the problem you are encountering or error message that you are receiving.
0
 
Marshall KassOwnerAuthor Commented:
I was running a 2000 SERVER as the AD PDC.  I also had a 2003 SERVER running AD as a child.  The 2003 PC died and when I rebuilt it, I could not add it back into the domain because it was never demoted before it died.  After reading about the ways to physically demote a DC, I decided to just rebuild the PDC (It is fairly old and had a few other dead DC in there).  I demoted the PDC, removed AD and then reinstalled it as a PDC with AD.  I then rebuilt the 2003 server and added it to the domain as a child.  Once I was done, I realized that all my windows XP Pro boxes (6) will not properly login because they are members of the old domain.  To reestablish them in the new domain I have to remove them then readd them.  This is a problem because their profiles as huge and I don't want the desktops to change.  I wanted to know if there is a way to do this without losing ingo on all the desktops and end up with a corrected network.
0
 
LauraEHunterMVPCommented:
Unfortunately there is not a way to do what you are suggesting.  You have created a completely new Active Directory environment, which means that your workstations need to be removed from the old domain and added to the new domain.  You will need to do this even if you have given the old and the new domains the same name.

The only way to avoid dropping and re-adding the workstations to the new domain would be to restore the 2000 domain controller from a system state backup of the old domain, if you have one available. You can then remove referenced to any failed DCs using the steps listed in this KB: http://support.microsoft.com/kb/216498

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
Marshall KassOwnerAuthor Commented:
Is there a way to minimize the effects of this on the workstation's desktops?  They are very tweaked!
0
 
LauraEHunterMVPCommented:
1. Create a local account called migrate and log on with this account once to create a "shell" profile. Log onto the workstation as a local admin - must be a different account than the migrate local account.

2. Go to the System applet in Control Panel. Under User Profiles copy the profile for OldDomain\UserA to the migrate account.

3. Switch the domain membership of the PC.  (Order is important, Step 2 must be done first.)

4. Log onto the new domain as NewDomain\UserA to establish a "shell" profile

5. Logout, then log back onto the workstation as a local admin. Go back to the System applet and copy the profile for the migrate local account to NewDomain\UserA.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now