Re: cross-forrests trusts on routed networks with NAT

From: Mike Brannigan [MSFT] (mikebran_at_online.microsoft.com)
Date: 10/15/04 

Date: Fri, 15 Oct 2004 12:51:17 +0100

"Rup And" <RupAnd@Andeby.dk> wrote in message
news:ejJ%23y%23psEHA.636@TK2MSFTNGP09.phx.gbl...
> The trust is between two forrests.
>
> One forrest build on Windows2000 and one forrst build on Windows 2003
>

If the forests are 2000 and 2003 then you can only do regular domain to
domain trusts. These are directly between the 2 domains and do not have an
transitivity.
So you can put a trust between the 2 forest root domains of your 2 forests -
but this should not be confused with a real transitive forest trust that can
only be made between 2 forest that are native Serve 2003 in Serve 2003 mode.
If you put a trust between your 2 forest root domains this is just a regular
trust between 2 domains, and does not extend the trust to all domains in the
2 forests. 

-- 
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
"Rup And" <RupAnd@Andeby.dk> wrote in message 
news:ejJ%23y%23psEHA.636@TK2MSFTNGP09.phx.gbl...
> The trust is between two forrests.
>
> One forrest build on Windows2000 and one forrst build on Windows 2003
>
> Regards
> Rup
> "Mike Brannigan [MSFT]" <mikebran@online.microsoft.com> wrote in message
> news:OopPwCosEHA.3740@tk2msftngp13.phx.gbl...
>> "Rup And" <RupAnd@Andeby.dk> wrote in message
>> news:%23w2lftnsEHA.272@TK2MSFTNGP12.phx.gbl...
>> > Hi
>> >
>> > How do I configure DNS in the following scenario ?
>> >
>> > I need to establish a cross-forrest trust between a windows 2000 and
>> > windows
>> > 2003 domain.
>> >
>> > The two domains exists on a routed network and the DC's sits behind
> NAT'ed
>> > firewalls.
>> >
>> > I have tried with roothints alone pointing to the nat'ed adresses. That
>> > did
>> > not succeed.
>> >
>> > I have tried with lmhosts like this:
>> >
>> > 10.10.10.10 serverdc     # PRE      #DOM:MYDOM  This actually works.
>> >
>> > What is the precise dns scope equal to the lmhosts entry ?
>> >
>>
>> Do you mean a normal trust relationship between any 2 domains in 
>> different
>> forests - or the new top level transitive forest trust ?
>> Top level forests trusts are only available between Windows Server 2003
>> forests that are both in full 2003 Forest functionality mode.
>>
>> -- 
>>
>> Regards,
>>
>> Mike
>> --
>> Mike Brannigan [Microsoft]
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights
>>
>> Please note I cannot respond to e-mailed questions, please use these
>> newsgroups
>>
>> "Rup And" <RupAnd@Andeby.dk> wrote in message
>> news:%23w2lftnsEHA.272@TK2MSFTNGP12.phx.gbl...
>> > Hi
>> >
>> > How do I configure DNS in the following scenario ?
>> >
>> > I need to establish a cross-forrest trust between a windows 2000 and
>> > windows
>> > 2003 domain.
>> >
>> > The two domains exists on a routed network and the DC's sits behind
> NAT'ed
>> > firewalls.
>> >
>> > I have tried with roothints alone pointing to the nat'ed adresses. That
>> > did
>> > not succeed.
>> >
>> > I have tried with lmhosts like this:
>> >
>> > 10.10.10.10 serverdc     # PRE      #DOM:MYDOM  This actually works.
>> >
>> > What is the precise dns scope equal to the lmhosts entry ?
>> >
>> > Regards
>> > Rup
>> >
>> >
>>
>>
>
>