Trust Relationships


Sameer

Hello,
We are having two different domains administrated by two Windows 2000
Servers.
The domain DOMAIN1 is having IP addresses in the range 192.168.0.1 to
192.168.0.25 and is connected by a switch.

The domain DOMAIN2 is having IP addresses in the range 192.168.10.1 to
192.168.10.20 and is connected by a hub.

A cross crimped cable connects the hub and switch so that both the
domains can be connected.

I am trying to establish Trust Relationship between these domains

The steps followed are:
1) I opened 'Active Directory Domains and Trusts' tool of server of
DOMAIN1
2) Selected properties of DOMAIN1 domain
3) Selected Trusts tab and tried to add domain DOMAIN2 to 'Domains
trusted by this domain' by giving administrator password of another
domain
4) The error message is
'DOMAIN2 can not be contacted'


5) Entire Network-> Microsoft Windows Network shows only DOMAIN1
and there is no other domain


Currently the only way to communicate between two domains is by
changing IP address of computer from DOMAIN1 to 192.168.10.X.

How to contact the two domains as said in the error message.
How to display both the domains in the Microsoft Windows Network?


Please help.


-Sameer


AD probs are almost always DNS related. DOMAIN1 can't see DOMAIN2 and vice
versa if the DNS servers don't know where to find the other domain. Possible
solutions: 1. Configure forwarding in the DNS servers to point to the DNS
servers at the other domain. Or 2. Make the DNS servers host a secondary
zone that contains the other domain.

Marcel
 
Firstly, can you provide the output of an ipconfig /all from both DCs from
domain1 and 2? If DC1's address is 192.168.0.1/24, and DC2's address is
192.168.10.1/24 then you won't be able to contact the other subnet without
routing.

I suspect that if you try to ping domain1's DC from domain2's DC it will not
reply and vice versa.

Secondly, Windows 2000 domain trusts are dependent on NetBIOS name
resolution, you will need either:

1. WINS installed on a machine in both domains and configured to
replicate with each other
2. A hosts file with the correctly configured entries for the domain you
want to connect to, see here for an example
http://support.microsoft.com/kb/180094/EN-US/
3. Use NETDOM to create trusts also, this is supplied with the Windows 2000
support tools.

Hope this is OK for you.
 
You'll need a router to route between the subnets, or dual-homed servers.
Also, take note of the other posts about DNS. DNS must work (or WINS) to
establish a trust.
...kurt
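
Added example (not part of any post in this thread): a Python check over the `ipconfig /all` output the replies ask for, reporting whether the two DCs sit on different subnets, whether each has a usable default gateway, and whether WINS is configured. The sample output, the host names dc1/dc2, the gateway and WINS addresses and the function names are constructed assumptions; one adapter per server is assumed.

```python
import ipaddress
import re

# Constructed sample `ipconfig /all` excerpts (not from the thread); the
# addresses follow the ranges given in the original post.
DC1 = """\
        Host Name . . . . . . . . . . . . : dc1
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.0.1
"""
DC2 = """\
        Host Name . . . . . . . . . . . . : dc2
        IP Address. . . . . . . . . . . . : 192.168.10.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.254
        DNS Servers . . . . . . . . . . . : 192.168.10.1
        Primary WINS Server . . . . . . . : 192.168.10.1
"""

# [ \t] rather than \s so an empty value cannot swallow the next line.
FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?)[ .]*:[ \t]*(.*)$", re.M)

def parse(text):
    """Map each 'Label . . . : value' line to {label: value} (one adapter assumed)."""
    return {k: v.strip() for k, v in FIELD.findall(text)}

def check_pair(a_text, b_text):
    """Return findings on whether two DCs can route to and resolve each other."""
    hosts = [parse(a_text), parse(b_text)]
    for h in hosts:
        h["if"] = ipaddress.ip_interface(f"{h['IP Address']}/{h['Subnet Mask']}")
    a, b = hosts
    findings = []
    routed = a["if"].ip not in b["if"].network or b["if"].ip not in a["if"].network
    if routed:
        findings.append("different subnets: a router or dual-homed server is required")
    for h in hosts:
        name, gw = h["Host Name"], h.get("Default Gateway", "")
        if routed and not gw:
            findings.append(f"{name}: no default gateway, cannot leave {h['if'].network}")
        elif routed and ipaddress.ip_address(gw) not in h["if"].network:
            findings.append(f"{name}: gateway {gw} is outside {h['if'].network}")
        if not h.get("Primary WINS Server"):
            findings.append(f"{name}: no WINS server, NetBIOS names need WINS or a hosts-file entry")
    return findings

if __name__ == "__main__":
    for line in check_pair(DC1, DC2):
        print(line)
```
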