Professional Documents
Culture Documents
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server
2003 with SP2
Troubleshooting Trusts
What problem are you having?
After upgrading a Windows NT 4.0 domain with existing trusts to Active Directory domains, you encounter
various trust-related problems.
Solution: Reset and verify the trust between the domains. The PDC emulator master must be available for a trust
to be successfully reset.
See also: Verify a trust; Operations master roles; When to create an external trust
Solution: Run Netdom to verify, reset, or establish the trust between computers. This command-line tool
performs batch management of trusts, verifies trusts and secures channels between computers, and can join
computers to domains.
Solution: Run Netdom to verify, reset, or establish trust between computers. This command-line tool performs
batch management of trusts, verifies trusts and secures channels between computers, and can join computers to
domains. If this does not help solve the issue, see article Q317178, "Windows NT 4.0 Domain Updates Trust
Account Password on Non-PDC," in the Microsoft Knowledge Base.
After upgrading a Windows NT 4.0 domain with existing trusts to Active Directory domains, you
encounter various trust-related problems.
Cause: When the domain has been upgraded, the existing trusts to Active Directory domains remain
Windows NT 4.0 trusts. Internet Protocol Security (IPSec) cannot work over a Windows NT 4.0 trust. Or, trusts to
other domains in the forest are no longer available.
Solution: After upgrading a Windows NT 4.0 domain to an Active Directory domain, it is recommended that you
delete and recreate all previously existing trusts with Active Directory domains. If this does not solve the issue, see
article Q275221, "Trusts Unavailable on Backup Domain Controllers After Upgrading the Windows NT Primary
Domain Controller," in the Microsoft Knowledge Base.