Establishing a Trust

Just wondering if it is possible to establish a trust between a Win2000
active directory domain and a Win2003 active directory domain. I have tried
to make this work in this environment with no luck. Could someone direct me
to some articles on this as I found little on it searching the Microsoft
Knowledge Base.

Thank you.
Dave
 
Sure it is possible. You will have to configure external trusts between the
"domains". Since the trust will not use Kerberos you will want both NetBIOS
and DNS name resolution between the domains. Make sure you do not try to
create a trust between "forests", which will only work if both forests are
W2003 and at W2003 functional level. Assuming you are running WINS in each
domain, make your WINS servers replication partners with the WINS servers in
the opposite domain. Verify that this happens and that you see records for
both domains in the WINS database on the WINS servers in each domain. Also
make sure that the domain controllers are WINS clients. As far as DNS,
configure the W2003 domain to use conditional forwarding to the W2000 domain
and have the domain controllers in the W2000 domain be secondary zone
holders of the W2003 domain. Once all that is working go ahead and try to
set up your trust [verify pinging domain controllers in opposite domain by
name and IP address]. The links below may be helpful. --- Steve

http://www.microsoft.com/resources/...oddocs/en-us/domadmin_createexternaltrust.asp
http://tinyurl.com/6efgq -- same link as above shorter.
http://support.microsoft.com/default.aspx?scid=kb;en-us;325874
http://www.microsoft.com/technet/pr...ory/maintain/opsguide/part1/adogd05.mspx#EIAA
 
Dave said:
Just wondering if it is possible to establish a trust between a Win2000
active directory domain and a Win2003 active directory domain. I have
tried to make this work in this environment with no luck. Could someone
direct me to some articles on this as I found little on it searching the
Microsoft Knowledge Base.

Before, you must configure cross-DNS; domains must "see" each other.
 
Hi Steve, thanks for the info. You are right, this is between two separate
forests and I think that is where the problem is. I can ping each system
through our SonicWall routers with no problem. One forest is a win2003 with
Exchange 2003. The other forest is a win2000 with Exchange 2000. I am
wondering if the win2000 forest must be upgraded to make this work. Sure
would appreciate another opinion from you.

dave
 
You can only create a trust between "forests" when both forests are Windows
2003 domains and the forest is at Windows 2003 forest functional level.
However you can create trusts between "domains" in other forests with what
you have now. The trust would have to be an external trust, which is one way,
which means that if you want each domain to trust the other you will have to
establish two trusts, one outgoing from each domain. The main advantage of
forest trusts is that they are transitive, meaning they are between the
root domain in each forest and then all the domains in each forest are
joined via the trust, eliminating the need for explicit trusts between the
domains in each forest. --- Steve
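
The checks and the two one-way external trusts described in the replies above, as an added example that is not part of the original thread. The domain names, DC host names and Administrator accounts are constructed placeholders, and it assumes the Windows Support Tools (nltest, netdom) are installed on the domain controller where it is run.

```bat
@echo off
rem Added example, not from the thread. Every name below is a constructed placeholder.
setlocal
set OLD_DNS=corp2000.example
set OLD_NB=CORP2000
set OLD_DC=dc1.corp2000.example
set NEW_DNS=corp2003.example
set NEW_NB=CORP2003
set NEW_DC=dc1.corp2003.example

rem 1. DNS: the DC locator (SRV) records of both domains must resolve from here.
rem    nslookup does not set a useful errorlevel, so look for an answer line.
for %%D in (%OLD_DNS% %NEW_DNS%) do (
  nslookup -type=SRV _ldap._tcp.dc._msdcs.%%D 2>nul | find /i "svr hostname" >nul || (
    echo FAIL: no DC SRV records found for %%D
    goto :fail
  )
)

rem 2. NetBIOS/WINS: the short domain names must also lead to a DC,
rem    because the external trust does not use Kerberos.
for %%N in (%OLD_NB% %NEW_NB%) do (
  nltest /dsgetdc:%%N 2>nul | find "DC: \\" >nul || (
    echo FAIL: cannot locate a domain controller for %%N
    goto :fail
  )
)

rem 3. Reach the domain controllers of both domains by name.
for %%H in (%OLD_DC% %NEW_DC%) do (
  ping -n 2 %%H >nul || (
    echo FAIL: cannot ping %%H
    goto :fail
  )
)

rem 4. Two one-way external trusts, one outgoing from each domain.
rem    First name = trusting domain, /d: = trusted domain; * prompts for passwords.
netdom trust %NEW_NB% /d:%OLD_NB% /add /ud:%OLD_NB%\Administrator /pd:* /uo:%NEW_NB%\Administrator /po:*
netdom trust %OLD_NB% /d:%NEW_NB% /add /ud:%NEW_NB%\Administrator /pd:* /uo:%OLD_NB%\Administrator /po:*

rem 5. Verify each direction of the trust.
netdom trust %NEW_NB% /d:%OLD_NB% /verify
netdom trust %OLD_NB% /d:%NEW_NB% /verify
exit /b 0

:fail
echo Fix name resolution before creating the trust.
exit /b 1
```

Run it from a domain controller in each domain in turn, so that name resolution is confirmed in both directions before the trusts are added.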
 