you need to remove those win2k workstations out of the domain into a workgroup, then reboot, then readd them back to the domain, this time when you add them to the domain they will pick up the correct nt domain from your nt servers. Even though your domain is the same name , win2k workstations have to be removed from the domain because they have a domain sid assigned in their registry which points to the win2k DC, since you took the win2k dc's offline, the win2k servers still are looking for that domain sid and your nt server does not have the same domain sid and thus the message trust has been broken.
Remove them from the domain and add them back and all your win2k workstations will be fine. Let me know if that helped. thx -----Original Message----- From: Ken Cornetet [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 3:06 PM To: Exchange Discussions Subject: RE: NT to AD Backout Problem My gut feel is that you'd have better luck promoting one of the BDCs to PDC for backout. -----Original Message----- From: Martin, Jon [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 10:48 AM To: Exchange Discussions Subject: NT to AD Backout Problem More of an NT/AD than an Exchange issue, but we're only going to AD to get to Exchange 2000, so here goes: As part of planning our migration from our current single NT domain to a single-forest, single-domain active directory, a plan to back out this upgrade in case of unforeseen problems is being developed and tested. The upgrade plan goes something like this: - Create a new NT BDC on new hardware. - Take the production NT PDC offline prior to the AD upgrade. - Promote a new BDC to the PDC. - Upgrade the PDC to AD This is all done using the same netbios domain name in AD as we had in NT, and an internal DNS namespace name that happens to be the same as our WinNT/AD domain name. And, it works great. But, just in case it does not go as well in the real world as it does in our lab, we have the following as a backout plan: - Take the new AD DC(s) offline - Put the old PDC online. - Re-sync the NT domain So far, so good. It all works great - everyone can log back on to the old NT domain and keep going while I figure out what went wrong. Well there is one exception: Windows 2000 workstations and member servers cannot log on - they get a 'Broken trust relationship with the domain controller' message at log on. Win9x and NT boxes have no problem. Any ideas?? Much thanks for any assist. Jon Martin Systems Programmer East Bay Municipal Utility District (EBMUD) Oakland, CA _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
