
Why can't I add a new child domain in AD?

I have established a root domain 'utic.net' and have it in an external trust with my NT4 production domain. My plan is to have the NT4 become a child domain (e.g. division1.utic.net). I have nine other divisions/domains to add to the root as child domains.

When testing the upgrade/migration in my setup, I added a BDC to the NT4 domain and then removed it to a standalone off the backbone. I promoted the BDC to a PDC and changed the domain name. With a Win2k box acting as router, I reconnected to the backbone with its own subnet.

I can ping both ways with the root AD domain. The upgrade to Win2k went fine. But when I tried to add this new domain into the AD as a child domain, this is where it failed. It finds the AD domain, I supply the logon ID/password/domain info, answer all the other prompts, and the upgrade begins. However, several minutes into the process I receive an error that 'binding to the server' the 'DC for the root domain' with the supplied credentials failed.

I have tried this with a fresh new NT domain PDC. I also tried rebuilding the AD domain from scratch with no success. I'm stumped. TechNet and other resources have failed to help me on this problem. Can you tell me where to look?

If I understand this correctly, what you end up with is two domains on the same network with the same NetBIOS name. You have the legacy NT 4.0 domain, which still exists on the backbone. Then you have the Win2k domain upgraded from the NT 4.0 domain BDC that is on its own subnet -- but that is then connected to the backbone so that you can reach the AD domain. When upgrading the NT 4.0 domain to an AD Win2000 domain you cannot change the NetBIOS name of the domain. Thus, you must have two domains with the same NetBIOS name on the same network. This could cause all sorts of issues.

If you want to test this theory, disconnect the upgraded Win2k network from the backbone. Build a new AD server to match what you have on the backbone. Put the new AD server in the isolated network with the upgraded Win2k machine. Now, create the trusts. I would imagine that this will work.
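
One way to check for the duplicate NetBIOS domain name described above, as an added example that is not part of the original answer: it parses saved `nbtstat -A <ip>` name tables from each domain controller and reports any domain whose `<1B>` name (the unique name a PDC registers) is claimed by more than one machine. The IP addresses, computer names, the `DIVISION1` and `UTIC` NetBIOS names and the sample output are constructed assumptions.

```python
import re
from collections import defaultdict

# One row of the `nbtstat -A <ip>` name table: NAME <suffix> UNIQUE|GROUP status
ROW = re.compile(r"^[ \t]*(\S+)[ \t]*<([0-9A-Fa-f]{2})>[ \t]+(UNIQUE|GROUP)\b", re.M)

def parse_name_table(text):
    """Return (name, suffix, kind) tuples from saved nbtstat output."""
    return [(n.upper(), s.upper(), k) for n, s, k in ROW.findall(text)]

def duplicate_domains(tables):
    """Return domains whose <1B> (PDC) name is registered by two or more hosts."""
    claims = defaultdict(list)
    for ip, text in tables.items():
        rows = parse_name_table(text)
        # <00> UNIQUE is the machine's own computer name
        host = next((n for n, s, k in rows if s == "00" and k == "UNIQUE"), "?")
        for name, suffix, kind in rows:
            if suffix == "1B" and kind == "UNIQUE":
                claims[name].append(f"{ip} ({host})")
    return {d: sorted(h) for d, h in claims.items() if len(h) > 1}

# Constructed sample output; IPs and computer names are hypothetical.
SAMPLES = {
    "10.0.0.2": """
       Name               Type         Status
    ---------------------------------------------
    ROOTDC         <00>  UNIQUE      Registered
    UTIC           <00>  GROUP       Registered
    UTIC           <1B>  UNIQUE      Registered
    """,
    "10.0.0.5": """   # legacy NT4 PDC still on the backbone
    NT4PDC         <00>  UNIQUE      Registered
    DIVISION1      <00>  GROUP       Registered
    DIVISION1      <1C>  GROUP       Registered
    DIVISION1      <1B>  UNIQUE      Registered
    """,
    "10.0.9.5": """   # upgraded Win2k box on its own subnet
    W2KDC          <00>  UNIQUE      Registered
    DIVISION1      <00>  GROUP       Registered
    DIVISION1      <1C>  GROUP       Registered
    DIVISION1      <1B>  UNIQUE      Registered
    """,
}

if __name__ == "__main__":
    for domain, hosts in duplicate_domains(SAMPLES).items():
        print(f"{domain}: PDC name <1B> registered by {', '.join(hosts)}")
```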
