After moving a computer to the new domain it is not possible to logon on the domain. The following error may appear:
"The security database on the server does not have a computer account for this workstation trust relationship."
Often the workstation may require two reboots for the error to disappear.
Group Policy Objects may be interfering. Two reboots may be required because the primary DNS suffix was set by GPO in the source domain. After the first reboot, the computer cannot register in DNS because it is trying to register in the target domain using source DNS suffix.
The workstation may then receive the target GPO (where you have configured the target primary DNS suffix). During the second reboot, this value is applied and the DNS registration works.
To avoid having to reboot twice the following may work for your environment.
1. Ensure all GPO are not applied to source computers right before they are moved.
2.During the move action you could launch a post script. Deleting two registry keys (basically the primary DNS configuration from the source domain GPO) may be one way to make this work better.
reg delete HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient /v "NV PrimaryDnsSuffix" /f
reg delete HKLM\SOFTWARE\Policies\Microsoft\System\DNSClient /v "PrimaryDnsSuffix" /f
This may provide success for the first reboot. Support However, does not provide support in creating or correcting any mistakes with any used script.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center