Recently I have become the administrator of a Windows-server environment. Due to an error on the PDC, I decided to restore it from an old backup (a bit over a month old) - yeah I know now and I'm never making that mistake again.
After restoring I booted into Directory Services Restore Mode (DSRM) and deleted the logfiles from C:\Windows\NTDS, otherwise it wasn't able to do a normal boot.
Now the PDC aren't able to replicate from the SDC (Kerberos security error). I have read a bunch of posts an articles and as I understand, it's most likely due to shared secret inconsistency.
I have tried "netdom resetpwd" against SDC, but it raises this error: "The target account name is incorrect".
I can ping SDC from PDC and the time is the same on both machines.
Is it possible to demote the PDC and then promote the SDC to a new PDC? At the moment the PDC are running some other roles, that I would rather not want to move to another server.
Thanks!
