msgoodies: Domain Trust and "The operation can not be performed on the current domain"

Tuesday, January 25, 2005

Domain Trust and "The operation can not be performed on the current domain"

I was trying to setup a trust between two domains across ISA2004. Everything running in Virtual PC. But it did not work. Whenever I tried, I got the message The operation can not be performed on the current domain. I was not able to find this message anywhere on the Internet and the message gave no hint as to why it wasn't possible. Trying to explain the problem to my colleague, I realized the problem myself: I had copied the original Windows Server 2003 disk (file) in a workgroup state. DCPromo seems to reuse the SID of the original server for the domain, so the problem was caused by the fact that both Active Directory domains were having the same SID. Hmmm - I knew that I should not just copy the disk, but a decent error messages would have helped a lot. Demote, sysprep and promote removed the problem.

If you by chance should experience the same situation on NT4, the error is also a strange one. As I'm not 100% sure, I'm not going to provide the message but it had something to do with file/record already exists.

14 comments:

Anonymous said...: Yep! Finally an answer.
Spent all day on this. Didn't figure it was because of Virtual PC and SIDs!

Rather than sysprep, sysinternals offer a neater solution to change the SID -

http://www.sysinternals.com/Utilities/NewSid.html; 19 October, 2005 19:35
Anonymous said...: Thank you for the information about the virtual PC & SID's. Demoted and used newsid. Worked a treat.; 28 March, 2007 15:39
Anonymous said...: I cant hit myself hard enough for this stupid mistake :)

tnx....; 04 July, 2007 14:58
Anonymous said...: Cool article. Thanks fo the answer to what has been bugging me all day.

just a note, you get the same issue using vmware fusion to copy Windows 2003 VMs; 22 October, 2007 21:26
Anonymous said...: Thanks, obvious when you think about it, but sometimes its hard to see the wood for the trees.

Solved the same problem after cloning Windows server 2003 R2 on VMware server 1.0.4

Saved me some time!; 22 January, 2008 13:12
Anonymous said...: Thanks! I could not Find any answer for that on MS site !; 25 April, 2008 19:26
Unknown said...: I spent past three days tring to get trust to work, searched MS and no luck, just had to search the right thing on Google to get to your post, I had done the same thing and cloned my servers, did as you said and worked perfect! Thanks for sharing your experience, saved me time and headache! :); 16 July, 2008 15:23
Anonymous said...: Also had the same problem!
Thanks for this article!
I cloned a VMware Windows Server 2008 because I wanted to save time. I did renamed the computer after the cloning and after that I run dcpromo. But the SID doesn't change when you rename a PC or run dcpromo.
Thanks for solving my problem. newsid works great!; 12 January, 2009 16:07
Anonymous said...: Nice article. Helped me out a TON!; 07 July, 2009 18:03
LMT said...: Thanks for this article!
Hyper-V, export and import VM, VM machine rename, dcpromo and then domain trust not working... but this post has helped; 13 July, 2009 23:35
Cláudio Costa said...: You are the man!!!!!; 14 August, 2009 04:55
Test said...: Thanks. This solves my problem.; 21 July, 2010 20:58
Bruce said...: Thanks God!!; 21 October, 2010 02:40
Jorge said...: Saved quite a bit of time, thanks!; 06 February, 2012 21:49