I recently had to create some trusts between some domains in a lab environment. After creating a few trusts, suddenly I received the following error in the New Trust Wizard:
The operation failed. The error is: cannot create a file when that file already exists.
One could think what the hell do I need a file for when creating trusts…A quick google lead me to the suspicion that some of my domains had the same domain SID… Besides using adsiedit, ADUC or other tools, here is an easy way to determine the domain SID with a small vbsctipt, make sure to replace the user and domain with correct values. The user can be any existing user you like.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='user',Domain=domain")
Wscript.Echo objAccount.SID
Run this by double clicking, which will give you a popup or just execute it from the commandline: cscript getsid.vbs to be able to get the SID in a copy pasteable format.
The impact of having two domains with the same SID is big. They can never have a trust between them:
Or can never have a trust with a common partner:
How do you wind up in this situation? By being to lazy to perform a sysprep… If you clone a server image, and perform a dcpromo of both the base and the clone, you will have identical Domain SIDs…
3 Response to Creation of trust fails: cannot continue
We tried run the VBS script getting error object path not found.
The instructions in the post should be enough, are you sure your replacing the proper values? Also there's probably more "modern" ways to do this by now :-)
Thanks for this. Forgot to sysprep.
"Modern" way with PowerShell:
(Get-ADDomain).DomainSID
Add Your Comment