Re: One Way Trust
From: Tim Springston [MS] (tspring_at_online.microsoft.com)
Date: 09/20/04
- Next message: Todd J Heron: "Re: Domain Users Properties"
- Previous message: Todd J Heron: "Re: Sites and services"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: One Way Trust"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 20 Sep 2004 10:49:57 -0500
Hi SV-
Trusts are established from PDC Emulator to PDC Emulator, though the secure
channel for trusts can operate (once established) in more of an on-demand,
mesh manner. So each PDCE will need to have the name resolution (the
secondary forward lookup zone for it's opposite) needed to locate it's
counterpart.
You can remotely administer the trust setup, but it will still be
'established' between the PDC Emulators.
-- Tim Springston Microsoft Corporation This posting is provided "AS IS" with no warranties, and confers no rights. <anonymous@discussions.microsoft.com> wrote in message news:2bfb01c49ef4$16ea7710$a301280a@phx.gbl... > The secondary forward look up zone has been created on > both the sides for each repective domain. However, my > production domain has several domain controllers and I > have created a secondary forward lookup zone only on the > domain controller which is connected on the same LAN of > the development domain to which I am trying to establish > a outgoing one way external trust. > > I am usig the AD domains and trusts from my XP desktop > where I have the Admin pack installed to create this > trust. My question is, do I have to use the AD domains > and trust from the production domain controller where > secondary forward lookup zone is running for the dev. > domain or I should be able to do it from any DC or from > my XP using Admin pack? > > Pls clarify. > > SV > >>-----Original Message----- >>Hi SV- >> >>ICMP (PING) is not a requirement for a trust to work. > It can be a good >>indicator of general network viability between two > servers though. >> >>It doesn't sound like you have created secondary forward > lookup zones on >>boths sides for each respective domain. If you haven't > done that then I >>would suggest it. You would need to have good name > resolution both ways >>even if the trust is only one way. >> >>Please repost if we can help more with this. >> >>-- >>Tim Springston >>Microsoft Corporation >>This posting is provided "AS IS" with no warranties, and > confers no rights. >> >> >>"SV" <anonymous@discussions.microsoft.com> wrote in > message >>news:07f501c49ca2$9315c910$a501280a@phx.gbl... >>>I am trying to setup a one way outgoing trust between my >>> production AD domain (ms.test.mydomain.com)and another >>> development AD domain (test.com). When I try this from >>> the production domain, I get an error that the >>> destination domain does not exist or network problem is >>> preventing connection. I am able to ping the > destination >>> domain's domain controller by its IP address. However, > I >>> can not ping the destination domain by its domain name >>> test.com. >>> >>> In one of the DCs in the production domain, I have >>> configured a secondary DNS for test.com and from that >>> particular DC I get a reply when I ping using its > domain >>> name (test.com). Will I be able to establish a trust > if I >>> use the AD domains and trust snap-in from the DC where > I >>> have a secondary DNS zone running for the >>> domain "test.com"? >>> >>> Any help would be very much appreciated. >>> >>> Thanks, >>> >>> SV >> >> >>. >>
- Next message: Todd J Heron: "Re: Domain Users Properties"
- Previous message: Todd J Heron: "Re: Sites and services"
- In reply to: anonymous_at_discussions.microsoft.com: "Re: One Way Trust"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
