Re: W2K3 cross domain trust
From: Kevin (Kevin_at_discussions.microsoft.com)
Date: 01/10/05
- Next message: Fao, Sean: "Re: LDAP Services After Role Transfer"
- Previous message: Teemu: "Re: NT4 Trusts Server 2003 Access is denied -->OK"
- In reply to: ptwilliams: "Re: W2K3 cross domain trust"
- Next in thread: John Negus: "Re: W2K3 cross domain trust"
- Reply: John Negus: "Re: W2K3 cross domain trust"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 10 Jan 2005 05:45:06 -0800
2-way external non-transitive trust was formed between the domains. Both
domains are windows 2003 and the functional level is windows 2000 native mode.
Kevin
"ptwilliams" wrote:
> You cannot see the domain in the snap-in's because it's external to the
> forest in which you reside. When you see domains listed in the management
> snap-in's these are all within the same forest (references to each domain
> partition are stored in the configuration partition; as is information on
> each domainDNS object).
>
> What kind of trust do you have in place?
>
> Are you running in 2003 native and do you have a forest trust?
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "Kevin" <Kevin@discussions.microsoft.com> wrote in message
> news:35DADFC5-3AD3-4BC6-B08F-608E589244A2@microsoft.com...
> I means I cannot see other domains after clicked the "locations" button.
> Only
> abc.com was found.
>
> Thanks and Regards,
> Kevin
>
>
> "John Negus" wrote:
>
> >
> > > Question 1
> > > I have two forest abc.com and xyz.com, both of them form a two way
> > > trust.
> > > I want to add user from xyz.com to a group in abc.com. I can't see the
> > > domain xyz.com in the "Active directory users and computers" console.
> > > But in
> > > the security tab of folder poperties, I can add users and groups from
> > > xyz.com.
> > >
> > > The group in abc.com is a universal group.
> > > Both domain is windows 2003 and running w2k native mode
> >
> > Answer1
> > In "Active Directory Users and Computers" when you add a user to a group
> > there is a "Locations" button. If you select that you should see the
> > other domain and be able to select it. You will then be able to add
> > users from that domain to your group. This is providing that your trust
> > is set up correctly and that you are not trying to add users from the
> > other domain to a global group.
> > >
> > > Question2
> > > Currently both of the forest abc.com and xyz.com only have one windows
> > > 2003
> > > DC, I will add one more DC in each forest but the new DC is windows
> > > 2000. Can
> > > I raise the functional level from w2k native to windows 2003 later or
> > > I
> > > should stay at w2k native mode?
> >
> > Answer2
> > You will not be able to add a W2K DC to your domain if you raise the
> > fuctional level of your domain higher than W2K Native mode. Stay at
> > native mode until you upgrade your W2K DC or remove it from the domain.
> >
> > --
> > John Negus
> > MSEtechnology
> > --
> >
> >
> >
> >
> >
>
>
>
- Next message: Fao, Sean: "Re: LDAP Services After Role Transfer"
- Previous message: Teemu: "Re: NT4 Trusts Server 2003 Access is denied -->OK"
- In reply to: ptwilliams: "Re: W2K3 cross domain trust"
- Next in thread: John Negus: "Re: W2K3 cross domain trust"
- Reply: John Negus: "Re: W2K3 cross domain trust"
- Messages sorted by: [ date ] [ thread ]
