Re: Domain trust problem
From: ptwilliams (ptw2001_at_hotmail.com)
Date: 10/12/04
- Next message: Florin: "book"
- Previous message: ptwilliams: "Re: Script to Copy Files from a Share to a Client Not Working"
- In reply to: Hannibal: "Re: Domain trust problem"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 12 Oct 2004 08:13:05 +0100
No you cannot break anything. You need to be able to resolve the DC SRV
records in the foreign domain to be able to establish a trust. One way of
resolving cross-domain names is by implementing a secondary zone in the
'resolving' domain. You do this by performing a zone transfer from a DNS
server in the foreign domain, to a newly appointed secondary DNS server for
that zone in the local domain (and vice-versa).
You do this like so:
On the DNS server in the foreign domain, right-click the zone file and
choose properties, and zone transfers.
For simplicity, I'm going to go with the most insecure option; feel free to
choose one of the others (but add the appropriate server to it's appropriate
place if you do). Click 'To any server' underneath 'Allow zone transfers'
and OK. (You can also set the notification properties - when the secondary
will be told updates are available - here if you want)
Now, on the DNS server in the local-domain, right-click on forward lookup
zones, and choose new zone. Select secondary zone, and follow the steps in
the wizard.
Memory is struggling now, as I'm not in front of a DNS console, but once the
two are done you simply wait for a full transfer (and then incremental
transfers thereafter) or you can force this through the context sensitive
menu.
Hope this helps,
-- Paul Williams http://www.msresource.net http://forums.msresource.net ______________________________________ "Hannibal" <materialman@luukku.com> wrote in message news:%23Bp94f2rEHA.1988@TK2MSFTNGP09.phx.gbl... Is it safe to do zone transfer, can I broke something with doing that. How do I do it? - Hannibal "Juan" <Juan@discussions.microsoft.com> wrote in message news:C5909823-897A-409D-BA9D-9BD5CD0AF0A4@microsoft.com... > A different netbios - computer name is really important. > In the last time I created a lot of trusts. > > If you want to trust a windows nt domain it will be the best if you create > WINS replication between AD and NT4. > > In Windows 2k or 2k3 I've exchanged DNS information, I transferred the > zones. After that creating a trust was not complicated. > > Essential for creating trusts is that name resolution has to work without > problems!! > > Try ping, nslookup and try to connect with UNC ( \\servername\sharename) to > connect to the other servers. Check if netbios is not disabled. > > regards > > Juan > > > > > "Hannibal" wrote: > > > Yes, I know that NetBios is required to create trust, > > but when I used dcpromo to upgrade W2k3 server, i gave name > > as extranet0 to this domain NetBios name. Now when I try create trust > > to W2k server it cant be connected, but when I try to create trust to the > > other W2k3 server, which is extranet, it connects right away. What should I > > do? > > > > "Juan" <Juan@discussions.microsoft.com> wrote in message > > news:67652BDF-AFEA-46FE-8CDD-65ED2DAAEFC6@microsoft.com... > > > Hi! > > > > > > If you create truts Netbios is still playing a big role. Read the > > following > > > article and you'll understand what I mean: > > > > > > http://www.windowsdevcenter.com/pub/a/windows/2004/05/11/netbios.html > > > > > > regards > > > > > > Juan > > > > > > "Hannibal" wrote: > > > > ....
- Next message: Florin: "book"
- Previous message: ptwilliams: "Re: Script to Copy Files from a Share to a Client Not Working"
- In reply to: Hannibal: "Re: Domain trust problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
