How trusts work in Windows 2000

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi
I'm trying (without much success!) to establish a trust between two domains.
I can ping the other domain but when I try to add it as a trusting domain I
get an error to say that it can't be contacted. Is this a DNS or WINS or
someother problem ?? I can ping the domain by name so I think that DNS is set
up to resolve the ip address correctly. Is it a requirement that domains have
to belong to the same forest to establish a trust relationship ??

Thanks for you help
 
Is it a requirement that domains have
to belong to the same forest to establish a trust relationship ??
Click to expand...

No. External trusts can be established between domains in different forests.
You'll need to create in each domain a standard secondary zone for the other
domain. And Always refer to the other domain using it's fqdn. You say you
can ping the other domain by name? Can you ping hosts by fqdn?

....kurt
 
Thanks for the reply, Kurt

I've added a secondary zone on my domain but got an error: "Zone not loaded
by DNS server. The DNS server encountered an error while attempting to load
the zone. The transfer of zone data from the master server failed". Is that
because the secondary zone isn't set up on the other domain ??

Although I can ping hosts using fqdn within the DNS zone, I can't ping the
domain itself by name. Is that a problem ??

Thanks for your help.

Gary
 
Have you enabled zone transfers and added the server in the other domain to
the list of servers that are allowed to transfer the zone?

Not having a secondary in the other domain won't have any bearing on whether
the secondary in this domain can get a zone transfer.

You should be able to ping (or nslookup) the domain by fqdn. That is how
Windows looks for the SRV for services like netlogon, LDAP, etc. required to
create a trust. To create a 2-way trust, you'll need resolution in both
directions - so get it going one way first, then do the same thing on the
other side.

....kurt
 
Thanks Kurt

I think that we may have some other network security issues which are
preventing me from achieving this trust set-up. I'm still trying to work my
way through it !
 
Back
Top