ID: q113409
A LAN Manager user accounts subsystem (UAS) imported into the Windows NT Advanced Server (NTAS) security database may be corrupted on the LAN Manager backup domain controller (BDC) and member servers when the BDC and servers start synchronizing with the NTAS domain controller instead of the LAN Manager domain controller.
Microsoft Windows NT Advanced Server provides a utility called PORTUAS, which imports user account data for all the users and groups in a LAN Manager domain into a Windows NT Advanced Server security database. Importing the LAN Manager Servers group into the NTAS domain allows an NTAS domain controller to synchronize its user account database with the LAN Manager servers in the domain.
To replicate a UAS across the domain, the Windows NTAS domain controller sends a second-class mailslot message to \mailslot\net\netlogon. The Netlogon service sends the pulse message first to all Windows NT Advanced Servers in the domain, by sending it to the NetBIOS group name XXX<1C> (where XXX is the domain name and <1C> is the hexadecimal value of the 16th byte of the name). All Windows NT Advanced Servers in the domain register this global group name, so they all receive the mailslot message. Because LAN Manager servers in the domain don't have the <1C> name registered, the Netlogon service sends the mailslot message to each one of them in the Servers global group. Some LAN Manager servers, however, may be members of the Servers group without belonging to the domain, and when they receive the update they start synchronizing with the Advanced Server domain controller.
Remove the LAN Manager servers from the NTAS domain:
1. In Server Manager, select the server you want to remove; select Delete.
2. In User Manager, select the Servers Global group, and remove the unwanted members.
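The delivery rule described above, and the membership check behind step 2, modeled as an added example (not code from this article or from Microsoft). The CORP domain, the host names and both inventories are constructed, and the list of servers that actually belong to the domain is assumed to come from the administrator's own records.

```python
# Added example: models the pulse delivery rule described in this article.
# All host names, the CORP domain and both inventories are constructed.

def netbios_name(name, suffix):
    """16-byte NetBIOS name: 15 space-padded uppercase characters + type byte."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("only 15 characters fit before the 16th (type) byte")
    return raw.ljust(15, b" ") + bytes([suffix])

def pulse_recipients(domain, registrations, servers_group):
    """Return (hosts reached through DOMAIN<1C>, hosts sent the pulse directly)."""
    group_name = netbios_name(domain, 0x1C)
    via_group = {h for h, names in registrations.items() if group_name in names}
    # Servers-group members without the <1C> registration get an individual send.
    directed = set(servers_group) - via_group
    return via_group, directed

def unwanted_members(directed, domain_members):
    """Directly addressed servers that do not belong to the domain."""
    return sorted(set(directed) - set(domain_members))

DOMAIN = "corp"
# Names each host has registered (constructed); <20> is the server service name.
# Only the NTAS servers hold the CORP<1C> group name.
REGISTRATIONS = {
    "NTAS-PDC": {netbios_name("NTAS-PDC", 0x20), netbios_name(DOMAIN, 0x1C)},
    "NTAS-BDC1": {netbios_name("NTAS-BDC1", 0x20), netbios_name(DOMAIN, 0x1C)},
    "LM-BDC": {netbios_name("LM-BDC", 0x20)},
    "LM-SRV1": {netbios_name("LM-SRV1", 0x20)},
    "LM-OTHER": {netbios_name("LM-OTHER", 0x20)},
}
# Members of the Servers global group after the PORTUAS import (constructed).
SERVERS_GROUP = ["LM-BDC", "LM-SRV1", "LM-OTHER"]
# Administrator's record of servers that belong to the domain (assumption).
DOMAIN_MEMBERS = ["NTAS-PDC", "NTAS-BDC1", "LM-BDC", "LM-SRV1"]

if __name__ == "__main__":
    via_group, directed = pulse_recipients(DOMAIN, REGISTRATIONS, SERVERS_GROUP)
    print("reached via CORP<1C>:", sorted(via_group))
    print("sent the pulse directly:", sorted(directed))
    print("remove from Servers group:", unwanted_members(directed, DOMAIN_MEMBERS))
```

Any server the last line reports is one that would start synchronizing with the Advanced Server domain controller, so it is a candidate for removal in step 2.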
Version : 3.1
Platform : WINDOWS
Last Reviewed: August 18, 1998