Jun 23, 2012
tom
No Comments

Upgrading from Win2K3 to win2K8 R2: The security database on the server does not have a computer account for this workstation trust relationship:

Question

I have upgraded our server from Win 2003 R2 to Win 2008 R2, I have added users and groups,
when I try to connect them to server, it shows this message: “The security database on the server does not have a computer account for this workstation trust relationship: “

I know to solve it by rejoining the domain for each computer, but I am searching for a better way without rejoining the new domain,

the new domain has the same stuff of the old domain, the same name, same dns, same Server name,

Asked by mfadel

Answer

Can’t be done.

I’d ask how you’re “migrating” stuff to the new domain, but it really doesn’t matter.

The object on the old domain and the object on the new domain may have the same name, but they’ll have different SIDs, which causes AD to recognize that they’re different objects, and throw that error. FYI, this will apply to user accounts too, so prepare for that.

Below is a wikipedia link to introduce you to the concept of SIDs, which, incidentally, is realyl something you ought to know pretty well before mucking about in AD, let alone migrating domains or creating a new one. :/

http://en.wikipedia.org/wiki/Security_Identifier

And, for what it’s worth, “migrating” domain, or building a new domain (which is what it sounds liek you’re really doing) is a process that’s best planned out and designed from the ground up. If you just try to slap something together and copy the old crap over into the new domain, you’re probably going to end up WORSE off – not only did you essentially put old crap into new container, you used a container that wasn’t well designed or thought out to begin with.

Not good.

EDIT:

I guess I’ll add that if your domain is big enough, or minimizing change and impact are worth enough to you or your organization, you might want to look into AD migrator software to help you out. Even with these tools though, you should be aware that it doesn’t actually “copy” accounts over, it creates new ones with the same properties and permissions.

You could try this one, for example, which is fairly nice, for what it is, though I personally prefer to build new where possible, to avoid polluting a new container with old crap.

Answered by HopelessN00b

Check more discussion of this question.

Related posts:

  1. The security database on the server does not have a computer account for this workstation trust relationship
  2. After restoring a HyperV snapshot, I get “the trust relationship between this workstation and the primary domain failed”
  3. How can I rejoin a Windows machine to the domain without losing user data if trust relationship on machine was broken
  4. Copying files to a different domain, where no trust relationship exists
  5. Security implications of adding a computer account to folder security

Leave a comment