Adding a Windows NT 4.0 BDC to a Windows 2000.NET Domain

Adding a Windows NT 4.0 BDC to a Windows 2000/.NET Domain

You may, for some reason, need to have the Windows NT 4.0-based Backup Domain Controllers (BDC) in a Windows 2000/.NET domain. The only problem that may (or rather, will) arise during the BDC installation is that the Windows NT 4.0 Setup program creates the wrong type of account. A pop-up window with the following error message will appear:

    The Machine Account for This Computer either does not exist or is    inaccessible. 

If, for example, the account NT4BDC5 was used when installing BDC, the following error will be registered in the System log on the Windows 2000- or Windows .NET-based domain controller that owns the PDC Emulator FSMO role:

    ...    Event Source:   SAM    ...    Event ID:       12298    ...    Description: x   The account NT4BDC5$ cannot be converted to be a domain controller    account as its object class attribute in the directory is not computer    or is not derived from computer. If this is caused by an attempt to    install a pre Windows 2000 domain controller in a Windows 2000 domain or    later, then you should precreate the account for the domain controller    with the correct object class. 

As a result, you will not be able to proceed with the BDC installation. See the instructions below.

Windows 2000 Domain Scenario

To pre-create a computer account for a Windows NT 4.0 BDC, log on to the domain using an administrative account on any Windows 2000 domain member, and perform the following operations:

1. Start the Server Manager (enter srvmgr at the command prompt), which is supported with Windows 2000. (Do not use the Server Manager from the Windows NT 4.0 installation!)

2. Select Add to Domain from the Computer menu.

3. Select Windows NT Backup Domain Controller, enter the BDC computer name, and click Add, then Close. A "Windows NT Backup" type account will appear in the computer list. The account will be created in the "default" Domain Controllers OU.

Then you can install a Windows NT 4.0 server as BDC. Or, if the BDC was already installed, it may be necessary to use NetDom.exe to reset the computer account password.

The following operations will yield the same result as described above:

1. Open the Active Directory Users and Computers snap-in and create a computer object in any container.

2. Start the ADSI Edit snap-in, find the userAccountControl property (decimal INTEGER type; see ADS_USER_FLAG_ENUM in the ADSI SDK) for the new computer object, and change the value from 4128 (0x1020 — WORKSTATION_TRUST_ACCOUNT) to 8192 (0x2000 — SERVER_TRUST_ACCOUNT).

The third way to create a computer account for a BDC is to install the Support Tools pack and enter the following string at the command prompt (this command does not work on Windows .NET domains!):

     netdom ADD <BDC-computer-name> /D:<domain-name> /DC 

The account will be created in the "default" Domain Controllers OU.

Windows .NET Domain Scenario

To add a Windows NT 4.0 BDC to a Windows .NET domain (that should run at the Windows 2000 mixed functional level!), use the following operations:

1. Open the Active Directory Users and Computers snap-in and select any applicable container.

2. Select the New | Computer command from the Action menu.

3. Enter the computer name and set the Assign this computer account as a pre-Windows 2000 computer and Assign this computer account as a backup domain controller checkboxes. Click OK.

4. Install a Windows NT 4.0 server as BDC or continue a failed installation.