Adding 2012 AD/DNS to current 2003 AD/DNS

We've added 2012 R2 AD/DNS to our current 2003 AD/DNS and wanted to know if this is causing our "The trust relationship between this workstation and the primary domain failed" errors. If so, how can I stop the problem, without having to go to every machine and remove and add back to domain.

DNS seems to be ok. Is there anything I should check?
LVL 1
HaroldNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Adding an additional 2012DC to the domian should NOT stop your Trust from working.

Is this happening with all computers in your domain or only a select few?

Check the client logs and also the logs on the domain controllers as well to see if there is any other info as to why this would happen.

Then you have trust relationship issues between the domain and clients it is typically due to the following...
- computer passwords not synced with the domain
- images for pc not properly sysprep-ed


Will.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HaroldNetwork EngineerAuthor Commented:
"images for pc not properly sysprep-ed".....I've only sysprep-ed servers. Didn't know I was supposed to do PCs.
0
Will SzymkowskiSenior Solution ArchitectCommented:
PC's should ALWAYS be syspreped correctly before adding them to a domain. This is probably the most common issue I see when machines are losing their trust with the domain.

Will.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

HaroldNetwork EngineerAuthor Commented:
Do the same as server, I assume? :-(
0
Will SzymkowskiSenior Solution ArchitectCommented:
Yes that is correct. Anytime you add a server, workstation to your domain you need to ensure that you are sysprep-ing the machines correctly.

If you do not this is the type of issues you can encounter.

This even gets more ugly in Server 2012. In eariler versions of Server 2003 was not as picky and it does allow you to add machines to a domain where they are not properly sysprep. At this point some times you may not experience any issues but it is still required that you sysprep your machines.

In server 2012 you will get an error message trying to add machines to the domain if they are not properly syspreped. So this is a good mechanism in place which forces you to do it before you run into issues like you have experienced.

Will.
0
HaroldNetwork EngineerAuthor Commented:
Thanks Will!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.