Error message when you create the trusted side of a trust between Windows Server 2003-based domains: "The parameter is incorrect"

http://support.microsoft.com/kb/930218

If the names of two domains collide, you can rename one of the domains. If the SIDs of the domains are duplicate, you have to remove one of the domains. Typically, this situation occurs when one of the following scenarios exists:

  • One domain was cloned from the other domain.
  • Before a computer became the first domain controller in either of the two domains, you clone this computer without using the SYSPREP tool.

Alternatively, you can migrate one of the domains to a new domain. However, you cannot migrate a domain to a new SID by using the sIDHistory property. Even if you successfully create a trust after you migrate one of the domain SIDs, you still have duplicate SIDs in user access tokens. Then, users who have duplicate SIDs can access resources that they should be unable to access.

You can leave a response, or trackback from your own site.

Leave a Reply