Migration trust error

Migration trust error

Post by El Mark » Sat, 12 Mar 2005 02:38:59


I'm trying to setup a two-way trust between our existing NT4 domain and our
up-and-coming 2k3 Server domain. However, when I attempt to create a
"Trusting" domain in NT I get a message "The user account already exists"

What do I need to do?

m
 
 
 

Migration trust error

Post by v-jason » Sat, 12 Mar 2005 12:45:37

Hi El,

Thanks for posting!

I understand that you were unable to establish a trust between a Windows NT
4 domain and a Windows 2003 domain to prepare for a migration.

You were receiving the following error "the User account already exists".

Based on my further research, please let me provide you with the following
information for your reference:

CAUSE
============

You had a trust set up with that domain previously, and had removed it,
using the Trust Relationship dialog box in the Policies tool in User
Manager. However, it was not removed from the registry on the primary
domain controller (PDC).

RESOLUTION
===============

The administrator will have to remove the trust from the registry in order
to be able to set up the trust again.

WARNING: Using Registry Editor incorrectly can cause serious, system-wide
problems that may require you to reinstall Windows NT to correct them.
Microsoft cannot guarantee that any problems resulting from the use of
Registry Editor can be solved. Use this tool at your own risk.

1. Log on as an administrator to the domain from the PDC.

2. Start the Registry Editor (REGEDT32.EXE)

3. Switch to the HKEY_LOCAL_MACHINE on Local Machine window

4. Highlight the SAM key. The SAM key will be grayed out by default because
the administrator does not have full control for that key.

5. Give the administrator full control to that key and its subkeys. The
administrator should then be able to access that SAM key.

6. Remove the domain name of the domain you are trying to set up the trust
with from the following location:

HKey_local_machine\Sam\sam\domains\account\users\names\nameofotherdomain$

We saved this key and deleted it.

After removing that entry from the registry, you should then be able to set
up the trust in the Trust Relationship dialog box in the Policies tool in
User Manager.

I hope my information helps. If there is anything that is unclear, please
feel free to let me know.

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
 

Migration trust error

Post by El Mark » Sat, 12 Mar 2005 20:27:43

Jason -

I found the problem.

Seems that, years ago, there was a computer with the same name as the
Trusting Domain. That computer has been gone for years, but the Server
Manager still had it listed in the computer domain accounts. Once I removed
that account, I was able to establish the trust normally.

Thanks
m



NT
because
trust
set
rights.
 
 
 

Migration trust error

Post by v-jason » Sat, 12 Mar 2005 21:12:06

Hi El,

Thanks for your reply! We are glad that you have resolved the issue. If you
have any other questions or concerns, please do not hesitate to contact us.
It is always our pleasure to be of assistance!

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.