Re: trust relationships ...

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

In news:440FE776-0759-4F20-8F09-61C3CCF8A243@xxxxxxxxxxxxx,
E-Double <EDouble@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then
commented about below:
> hi, thanks for the reply. i think that i may have the dns setup on
> one domain but not the other, which could be (one of) the problem/s.
> but also i am not sure of whether i need a domain trust or a forest
> trust (?). i know the boxes are on two seperate domains which are on
> two seperate subnets, but they are within the same building (LAN?)
> and as mentioned can browse to eachother from network neighborhood.
> both machines are also on full win2003 server forest and domain
> levels. when trying to create the forest or domain trust i am not
> sure if it asks to choose one or the other before it fails on me.
> the only option i think i have is whether the trust will be with
> another win2003 server or a third party kerberos machine - to which i
> pick the win2003 server.

Forest trusts will transitively trust all domains in both forests to each
other.

Domain trusts are specific only between those domains. These are called
"External" trusts and are the NT4 style. If you do not get the option to
create a forest trust when you attempt to create a trust, then that usually
says the forest level is not Win2003 or theres a DNS issue.

For forest truest, you would need to make sure there is DNS name resolution
between the two forests. You can create a secondary zone opn each DC/DNS
server of each other's example.com and _msdcs.example.com zone.

Ace


.

Relevant Pages

  • Re: How to create an additional domain
    ... Both domains need to show up on the login screen (one trust I assume) ... Ilustrated version of New domain in existent Forest ... Also check DNS configuration - make sure that each DNS can resolve eachother ... Best practices for DNS client settings in Windows 2000 Server and in Windows ...
    (microsoft.public.windows.server.active_directory)
  • Re: RPC server unavailable, unable to obtain RPC connection to domain controller
    ... Then try establishing the trust again using FQDN not Netbios. ... > I'm having a major problem with my domain controller. ... > 2 of them host Active Directory Integrated DNS zones. ... > that the name can be resolved and that the server is available. ...
    (microsoft.public.windows.server.active_directory)
  • RE: Trust between two Forests Fail
    ... needed to match on both servers on both sides of the trust. ... Our server and their server did not match so we change Company A's server to ... Microsoft Technet “When to create a Forest Trust” a Forest trust fits our ... not running DNS under Windows Active Directory. ...
    (microsoft.public.windows.server.active_directory)
  • Re: RPC server unavailable, unable to obtain RPC connection to domain controller
    ... > Then try establishing the trust again using FQDN not Netbios. ... >> I'm having a major problem with my domain controller. ... >> 2 of them host Active Directory Integrated DNS zones. ... >> that the name can be resolved and that the server is available. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Windows 2000 --> 2003 Trust
    ... First thing is to make sure the systems on each side of the trust are within ... > Error I get on the 2003 server is "Server not operational". ... > So I set the DNS up in the same way as before. ... >>> Just incase, I have tried different domain and forest modes, at the moment>> I ...
    (microsoft.public.windows.server.general)