JSI Tip 3473. Trusts are not available on your BDCs after you upgrade the PDC and join a forest?

When you upgrade your Windows NT 4.0 PDC, trusts to other domains in the forest do not become available to your downlevel BDCs?

When you add users and groups from other domains, you receive 'Access Denied' when they attempt to use resources on the BDCs. If you view permissions, these users and groups are displayed as 'account unknown'?

This problem is the result of the failure of Windows 2000 to log the added trusts in the downlevel replication log, Netlogon.chg. Since the newly created trusts are not logged, they are not replicated.

You can workaround this problem with either of the following:

Delete the Netlogon.chg file. This will cause a new log to be created and it will cause full synchronization of all downlevel domain controllers.

On each BDC, open a CMD prompt, or schedule a batch, that contains:

net accounts /sync

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.