I have a SBS 2003 server that started having a strange problem (detailed here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_24201996.html#a24019047
In attempting to join a Mac to the domain, the Mac took over the server's name...and now the server is classified as a workstation.
Other than the errors detailed in the question above (and similar errors on workstations), the network is running, people are getting email and able to access shared resources. However, I have to think that I'm just looking for trouble down the road if I leave the setup as is.
When a DCDIAG is run, this is the only error:
Starting test: MachineAccount
The account COMPANYSBS is not trusted for delegation. It cannot replicat
The account COMPANYSBS is not a DC account. It cannot replicate.
Warning: Attribute userAccountControl of COMPANYSBS is: 0x1000 = ( UF_WO
Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
This may be affecting replication?
......................... COMPANYSBS failed test MachineAccount
Through other research, I found (and Microsoft confirmed) that the userAccountControl attribute needs to be changed from its current value of 4096 to the correct value of 532480. However, several different attempts to do so have failed due to insufficient rights or permissions.
The only system state backup that I have that does not have the problem is from 10/9/2007. Microsoft advised that I restore that backup and I should be all set; but I have a hard time believing that since I'm guessing I'd have to fix a slew of problems with changes made since October 2007.
Any suggestions as to how this attribute can get changed? We tried via ADSIEDIT and LDP, no dice.