1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logging on to second trusted domain

Discussion in 'Software' started by Meltin, Sep 7, 2008.

  1. Meltin

    Meltin Bit Poster

    41
    0
    12
    I've got a problem whereby I have two Windows 2003 domains set up with a two way trust in a school scenario, one an admin domain and one a curriculum domain. We have just replaced the Domain controller on the curriculum domain and obviously all policies etc should still be the same as before.They want to be able to log onto the curriculum domain using a curriculum account from a PC that is joined to the admin domain. When the logon screen comes up I can choose the curriculum domain but I am getting a message up saying " unable to log you on because of an account restriction". This is happening with all accounts including the administrator account. Anyone any ideas what could be causing this?
     
    Certifications: A+, Network+,MCSA
    WIP: 70-297
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    I take it the DC was migrated correctly? (e.g. FSMO roles)

    Anything in the event logs? Also have you go into AD sites and services and checked the trust is still in place. There may be a reference to the old DC in there somewhere.

    Might be worth taking the trust out and putting it back in if you can’t resolve the issue but the link below details some of the command line tools you can use to troubleshoot the domain trust which may be of some use.

    http://technet.microsoft.com/en-us/library/cc756944.aspx
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. Meltin

    Meltin Bit Poster

    41
    0
    12
    Thanks for that. I will have a look at those tools.
    Yes all the roles were transferred to the new server and it is set up as a GC. When I go into AD domains and trusts and verify the trust, it is showing up as ok. Nothing pointing to anything in the event logs on the local pc or either DC. There are no signs of the old retired DC from the curriculum domain in Sites and Services. It really is doing my head in now!!
     
    Certifications: A+, Network+,MCSA
    WIP: 70-297
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Did you run dcpromo on the old DC so it was demoted gracefully?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. Meltin

    Meltin Bit Poster

    41
    0
    12
    yes it was demoted properly. The message refers to an account restriction which makes me think its some sort of policy but I cant find anything.
     
    Certifications: A+, Network+,MCSA
    WIP: 70-297

Share This Page

Loading...