Windows 2000 server sees NT4 BDC computer name as user account

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

If you have a mixed mode Windows 2000 domain where the PDC is Windows 2000, you can have problems with how the Windows 2000 PDC handles the machine accounts from Windows NT. It the secure account for an existing NT4 BDC gets out of synch, you can use the nltest.exe utility from Windows 2000 to reset the server account password. See How to Use NLTEST to Force a New Secure Channel

If it is a new BDC, and you have already added the BDC machine name, delete it. Recreate it using the Windows 2000 Directory Manager snap-in:

Start ADSI Edit and view the userAccountControl property for the new computer object.

Change the value of the userAccountControl object to 8192 from the default of 4128.

After this, you should be able to install the Windows NT4 BDC. Now the Windows 2000 PDC will recognize that the machine account (ends in $ as in waynespc$) is a computer object not a user object.

Taken from Q221826 . Check to see if there is updated information or other workarounds. Microsoft periodically updates these KB articles.

Featured Links