Re: Domain Functional Levels and Trusts

"Adam" <no@xxxxxxxxx> wrote in message
news:eLyD5VhFGHA.3728@xxxxxxxxxxxxxxxxxxxxxxx
> Herb -
>
> Thanks for the response, but I dont quite understand your explanation.
> First you say, "You can always (in any mode) use EXTERNAL trusts between a
> pair of domains which are not in the same forest.Those two domains may be
> in any mode or may even include an NT domain." Then you say,

But you left out the CHANGE of CONTEXT; there was an
intermediary paraphraph in which this appeared:

other type of trust, i.e., Forest Trust

A Forest Trust and an External trust are TWO DISTINCT types
of trusts, often confused by those who are fairly new to Win2003.

And the following paragraph was actually offered in parentheses
for a full explanation of the (now missing) intermediary paragraph:

> "Yes, indirectly this requires the domain to be in the Win2003
> Server-native mode, but that is not the KEY requirement." It seems
> contradictory.

Here is the missing intermediary paragraph (with it's parenthetical
elaboration):

<<<
In fact, the domain mode is only peripherally relevant to the
other type of trust, i.e., Forest Trust, since this requires both
FORESTS to be in Win2003 Forest Functional Level.

(Yes, indirectly this requires the domain to be in the Win2003
Server-native mode, but that is not the KEY requirement.)
>>>

> So, can I form a trust between my Windows 2003 Functional Level Domain and
> a Windows 2000 Mixed Mode domain? Thanks!!

Yes. You can form an EXTERNAL trust between ANY pair
of DOMAINS which are not in the same forest.
Including NT domains.

You cannot form a FOREST trust ONLY between forests when
both forests are in Win2003 Forest Functional Level.

Again parenthetically:
(In this latter case, the domain mode is only peripherally related
to the Forest trust which requires the correct FOREST funtional
level. The indirect relationship is due to the Forest functional
level requiring the Win2000 Server-native Domain level for ALL
of the forest's domains.)

I think your confusion may have been due to equating or confusing
EXTERNAL versus FOREST level trusts.

External trusts are possible in any MODE, and are always between
precidely TWO domains.

Forest level trusts have (very) special requirements, and are (in some
sense) between ALL of the domains of each forest due to their
transitive property.



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Adam
>
>
> "Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
> news:uE6ncpgFGHA.3280@xxxxxxxxxxxxxxxxxxxxxxx
>> "Adam" <no@xxxxxxxxx> wrote in message
>> news:%230ClBhgFGHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi Everyone -
>>>
>>> I need to build a trust between two domains in separate forests. One
>>> domain is Windows 2000 Mixed Mode and the other has a Windows 2003
>>> Domain Functional Level.
>>>
>>> I just want to confirm that because one of the domains has a Windows
>>> 2003 Functional Level, I will need to upgrade the other domain to the
>>> same level before the trust can be built, correct?
>>
>> No.
>>
>> You can always (in any mode) use EXTERNAL trusts between
>> a pair of domains which are not in the same forest.
>>
>> Those two domains may be in any mode or may even include
>> an NT domain.
>>
>> In fact, the domain mode is only peripherally relevant to the
>> other type of trust, i.e., Forest Trust, since this requires both
>> FORESTS to be in Win2003 Forest Functional Level.
>>
>> (Yes, indirectly this requires the domain to be in the Win2003
>> Server-native mode, but that is not the KEY requirement.)
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>
>
>


.

Relevant Pages

  • Re: Raise "Forest" functional level & rename domain?
    ... when you say it will need to be a cross forest trust when both are at 2003, ... the domain we'd like to rename and leave the other one @ 2K level? ... > functional level of the domain/forest with which you have a trust. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win2008 Forest Functional level and trusts with Windows 2000 m
    ... Is the same true with a pure Windows 2000 domain that currently has a two-way ... trust must be maintained with the external 2000 domain. ... Two way trusts between domains in Forests A to domains in Forest B. Cannot ... forest functional level will this highest level break anything in the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain Functional Levels and Trusts
    ... > a Windows 2000 Mixed Mode domain? ... >>> I need to build a trust between two domains in separate forests. ... >>> Domain Functional Level. ... >> a pair of domains which are not in the same forest. ...
    (microsoft.public.windows.server.active_directory)
  • Re: creating one way trust
    ... of different forest. ... It sounds for me that you do not need/have a trust, ... Once everything is replicated from the win2k svr. ... Let me try to understan a little more about youre network. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Huge AD deployment
    ... That was the case in Windows 2000, but in Windows Server 2003 forest trusts ... note though is that a forest trust is only transitive for domains within the ... >> company.com in that data center and have every country trust company.com ... instead of going over the internet. ...
    (microsoft.public.windows.server.active_directory)