Creation of trust fails: cannot continue

Published on Wednesday, October 27, 2010 in

I recently had to create some trusts between some domains in a lab environment. After creating a few trusts, suddenly I received the following error in the New Trust Wizard:

The operation failed. The error is: cannot create a file when that file already exists.

One could think: what the hell do I need a file for when creating trusts… A quick Google search led me to the suspicion that some of my domains had the same domain SID… Besides using adsiedit, ADUC or other tools, here is an easy way to determine the domain SID with a small VBScript. Make sure to replace the user and domain with correct values. The user can be any existing user you like.

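' getsid.vbs: print the SID of a domain user account
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' Replace user and domain with real values; both key values must be quoted
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='user',Domain='domain'")
WScript.Echo objAccount.SID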

Run this by double-clicking it, which will give you a popup, or execute it from the command line with cscript getsid.vbs to get the SID in a copy-pasteable format.

The impact of having two domains with the same SID is big. They can never have a trust between them, and they can never have a trust with a common partner.

How do you wind up in this situation? By being too lazy to perform a sysprep… If you clone a server image and perform a dcpromo of both the base and the clone, you will have identical domain SIDs…
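
An added example, not part of the original post: a PowerShell check that takes one account SID per domain (the value the script above prints), strips the trailing RID to get the domain SID, and lists the domains that share one. The domain names, SID values and function names are constructed for illustration.

```powershell
# Constructed sample input: one account SID per lab domain, e.g. collected
# by running getsid.vbs in each domain. None of these values are real.
$samples = @(
    [pscustomobject]@{ Domain = 'LABA'; AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-1104' }
    [pscustomobject]@{ Domain = 'LABB'; AccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-1109' }
    [pscustomobject]@{ Domain = 'LABC'; AccountSid = 'S-1-5-21-1004336348-1177238915-682003330-500' }
)

function Get-DomainSidFromAccountSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    # An account SID is the domain SID followed by a RID;
    # AccountDomainSid returns the SID with that RID removed.
    $sid = [System.Security.Principal.SecurityIdentifier]::new($AccountSid)
    if ($null -eq $sid.AccountDomainSid) {
        throw "Not an account SID with a domain part: $AccountSid"
    }
    $sid.AccountDomainSid.Value
}

function Find-DuplicateDomainSid {
    param([Parameter(Mandatory)][object[]]$Entries)
    $Entries |
        ForEach-Object {
            [pscustomobject]@{
                Domain    = $_.Domain
                DomainSid = (Get-DomainSidFromAccountSid -AccountSid $_.AccountSid)
            }
        } |
        Group-Object -Property DomainSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            # One row per domain SID that is used by more than one domain
            [pscustomobject]@{ DomainSid = $_.Name; Domains = ($_.Group.Domain -join ', ') }
        }
}

$dupes = Find-DuplicateDomainSid -Entries $samples
if ($dupes) {
    $dupes | Format-Table -AutoSize   # LABA and LABB share a domain SID in the sample data
} else {
    'No duplicate domain SIDs found.'
}
```

Running this before opening the New Trust Wizard shows which cloned domains need to be rebuilt from a sysprepped image.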

3 Responses to "Creation of trust fails: cannot continue"

Anonymous
17 August, 2023 18:15

We tried to run the VBS script and are getting the error "object path not found".

20 August, 2023 22:34

The instructions in the post should be enough. Are you sure you're replacing the proper values? Also, there are probably more "modern" ways to do this by now :-)

Anonymous
15 December, 2023 03:02

Thanks for this. Forgot to sysprep.

"Modern" way with PowerShell:
(Get-ADDomain).DomainSID
