how to properly replace domain controller / trust relationship fails

[Guest]

Hi There
I have an old win2k server (Domain controller, DNS and file server) in a small enviroment (6 users) that I want to replace with a new win2003 server. I believe I made a big mistake in that I set it up as a doman controller, DNS, File and DHCP will connected thru a switch to the original server (groan)
I removed the domain controller from the new server, removed the old and re-installed the domain controller. Now when attempting to logon to the domain, I get "Trust relationship between Workstation and Domain Fails"
After researching this on this and other newsgroups, it appears all I may have to do is to remove the client from the domain to a workgroup then back to the new (same name) domain and that will repair the SID problem that I have? Or and I still being terrible naive

Your help is most appreciated
Johnboy.

 

[Cary Shultz [A.D. MVP]]

JohnBoy,

I am not following you at all! You have an old WIN2000 Domain Controller.
That is about the only part hat is clear to me. The rest is in-line....

Hi There,
I have an old win2k server (Domain controller, DNS and file server) in a

small enviroment (6 users) that I want to replace with a new win2003 server.

[CWS] - So far, understood.


I believe I made a big mistake in that I set it up as a doman controller,
DNS, File and DHCP

[CWS] - set up what as a Domain Controller, DNS, File and DHCP? The
WIN2003 Server?

will connected thru a switch to the original server (groan).


[CWS] - This 'original server' would be the 'old WIN2000 DC'?

I removed the domain controller from the new server,

[CWS] - so you dcpromoed the WIN2003 Server from a DC to a Member Server?


removed the old

[CWS] - so you dcpromoed the 'old WIN2000 DC'? Did you click on the 'this
is the last DC....'?

and re-installed the domain controller.


[CWS] - on the original, old WIN2000 DC? So you created a new domain in a
new Domain Tree in a new Forest?

Now when attempting to logon to the domain, I get "Trust relationship
between Workstation and Domain Fails".

[CWS] - if you did what I am thinking that you did then the reason for
this should be clear: the workstations are a member of the original domain
XYZ and have the SID accordingly. Once you wiped out that
forest/tree/domain and rebuilt it the SID from the old domain XYZ is not
going to work. So, yes, joining the workstations to a workgroup and then
joining them to the new domain will resolve this. There will be other
problems, but this specific issue will be resolved.

HTH,

Cary

After researching this on this and other newsgroups, it appears all I may

have to do is to remove the client from the domain to a workgroup then back
to the new (same name) domain and that will repair the SID problem that I
have? Or and I still being terrible naive?