Hi,
Our company has 3 domain controllers. When we were doing a domain migration to a new forest, we could not use the ADMT tools because the following error occurred:
The Security System detected an authentication error for the server LDAP/server1.zh.xxxxx.com/zh.xxxxx.com. The failure code from authentication protocol Kerberos was "The name or SID of the domain specified is inconsistent with the trust information for that domain. (0xc000019b)".
So we checked these 3 domain controllers, and the SID is really the same (maybe the old staff did something wrong).
Then we wanted to change the SID to solve the issue, but we found that the only way is to demote and promote the DC again (also according to the Microsoft Forums):
It is impossible to change the SID on a Domain controller, what you have to do is to demote it first, remove from domain, change SID with SYSPREP and promote again.
But when we tried to demote one of the DCs, it seemed that all of AD went down: we could not log in to the domain, and "Active Directory Users and Computers" could not be opened, as it said that the domain cannot be contacted.
Then we promoted the "demoted" DC again, and AD seemed to become normal.
So we want to know how to change the SID in this case?
Or can the error from ADMT be solved by other solutions?
Thanks!