Can not establish Trust Relationship

  • Thread starter Thread starter Phillip Windell
  • Start date Start date
P

Phillip Windell

The structure of NT4 domains is not relevant to this. You need to describe
the situation in the correct terms for the context of a Windows 200x Active
Directory Domain Structure.

1. An Active Directory cannot exist on its own without a "Forest".
2. A Forest can have many Domains in it
3. A Single Domain within a Forest can have many Domains underneath it in
the form of Child Domains.

Please describe the situation based on these things.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
 
I have 2 PDC's. Server2 in Domain 2, & Server3 in Domain 3. I just created
Server2 as the previous one (running NT4), died after many years. All the
boxes are on a class 2 subnet & all see each other. Following the tradition
procedure in active directory/ ...trust /. entering passwords from both boxes
doesn't work. I did delete the previous relationship on Server3 for the former
Server2.
 
dave goldman said:
Perhaps I configured the Server2 incorrectly when installing. I remember
choosing "no" when asked if this domain was to exist in a forest w/ other
domain controllers.
Click to expand...

Then you created multiple Forests with a single Domain within each Forest.
My intention is for each of the domain controlers to function as "PDC's
in seperate
domains.
Click to expand...

There is a PDC FSMO "Role",...but there is no such thing as a PDC or BDC
after NT4.
The Domain is no longer at the highest level or top of the food-chain,...the
Forest is at the highest level and the Domain exists below that.

For the multiple Forests you created to trust each other you will have to
set up DNS Zone Transfers between the DC in one Domain/Forest to the DC in
the other Domain/Forest. This way the two Forests will be "aware" of each
others DNS Tree and you will be able to establish a Flat Inter-Forest Trust.

If this is too much work,...then start over with the second DC and when you
promote it again you need to choose one of the other options in the *same
existing* Forest. You can have two Domains in a Forest that are at an
"equal" level,...or you can have two Domains with one below the other
(Parent/Child model). I believe all Domains within a Forest are
automatically aware of each other DNS Tree and the Trust shouldn't be a
problem.

Others with more experience with this are welcome to tweek my details if I
am not quite correct.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
 
Perhaps I configured the Server2 incorrectly when installing. I remember
choosing "no" when asked if this domain was to exist in a forest w/ other
domain controllers. My intention is for each of the domain controlers to
function as "PDC's in seperate domains. Are these terms even correct for this
invoirment. I'm afraid my training is dated. I have managed to keep everything
configured & running & as I explained, I can still access resources on all the
workstations.
 
Thanks. I understand. If I use dcpromo.exe to "demote" the server, then run it
again, will I have the option to put the server in the same forest, or do I
need to do a new install ?
 
Thanks. I understand. If I use dcpromo.exe to "demote" the server, then
run it
again, will I have the option to put the server in the same forest, or do
I
need to do a new install ?
Click to expand...

You don't have to reinstall.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
 
Back
Top