• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1060
  • Last Modified:

Reestablish trust between new DC and XP workstations

Our Win 2000 server crashed recently so we purchased a new Dell server with Win 2008 R2 64bit.  We are using the same domain name and usernames and have promoted the new server to a DC.  Users are able to log into their workstations etc., but the event log on the server contains entries like the following:

The computer ACCOUNTING tried to connect to the server \\ZEUS using the trust relationship established by the AMSSERVER domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

How do I reestablish the trust relationship between the new server and the workstations from the server (I'd rather not provide new credentials to the users or do anything that would change their current windows settings/profiles).  All outlying workstations are Windows XP Pro.  Thanks!
0
jamesams
Asked:
jamesams
  • 5
  • 3
  • 3
2 Solutions
 
KenMcFCommented:
SInce this is a new Domain\Forest the SID is different. You will need to remove the workstation from the current domain then add the workstations to the new domain. all users will get a new profile. You can move the old profile to the new one on the local computers.
0
 
patternedCommented:
Remove the computer off the domain and rejoin.  This will not affect user profiles.

Right click My Computer, go to properties.
Click on the Computer Name tab, click the "Change" button, click the "Workgroup" radio button, Apply, reboot.
After rebooting, do the same thing except click the "Domain" radio button and put in the proper domain (whatever was there before).  


Or for deeper troubleshooting:  http://support.microsoft.com/default.aspx?scid=kb;EN-US;216393
0
 
patternedCommented:
Sorry, I didn't read that right.
KenMcF is right.  Because the SIDs will be different, a new userprofile will be created if you follow my above advice.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
jamesamsAuthor Commented:
Actually, I just tried that pattered...the test user was test.AMSSERVER...after I temporarily used Workgroup 'Temp', rebooted and logged back in and changed joined the AMSSERVER domain, a new profile was created for user test called test.AMSSERVER.000
0
 
KenMcFCommented:
jamesams, This will happen on all workstations. SInce the Domain SID and user SID will be new. You will need to do that on all workstations and copy the old profile to the new one.
0
 
jamesamsAuthor Commented:
got it...trying it now....
0
 
jamesamsAuthor Commented:
Ok, some oddities with copying the old profile to the new, but the process worked.  I just thought there should be some way to do this from the server only....
0
 
patternedCommented:
Yes jamesams.  I was under the impression that you had backups and restored the domain.

As KenMcF said, this will happen on all the clients because of SID changes.
0
 
KenMcFCommented:
Unfortunately there is no easy way because the domain was not restored, all computers see this as a new domain with new users..  
0
 
jamesamsAuthor Commented:
Many thanks!
0
 
jamesamsAuthor Commented:
Thanks!
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now