Re: Problem Setting up Trust

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
Date: Mon, 31 Mar 2008 08:06:27 -0500

Any time I have had trouble setting up a trust it has been dns. I am
assuming both forests are at the same o/s level is that correct?

How do you have the dns setup? When you ping are you using the FQDN or the
ip address?

One thing to check for connectivity try to see if you can get the NTFRS
version from one forest to the other. From a command prompt on a dc from
each forest run the following:

NTFRSUTL version server_name

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Brett Bishop" <brett_bishop@xxxxxxxxxxxxxxxxx> wrote in message
news:A3A898D6-A532-40B6-A01F-E5CC81AB4AE9@xxxxxxxxxxxxxxxx

I am going to migrating from domain A to domain B so I need to create a
trust between them because I will be migrating 1 office at a time and their
files but my other offices will need access to those files on Domain B. I
have Domain B setup as a secondary zone in Domain A and vice versa. I can
ping any computer in the other domain and the domain itself on both.

My issue is that when I go to Domain A Domains and Trusts and right click
on domain A go to properties and then the trust tab. I click New Trust,
put in the FQN of domain B and select either External or Forest trust,
then two-way trust, then Both this domain and the specified domain, give
it a domain admin account info for the other domain. I get the following.
Cannot Continue
The trust relationship cannot be created because the following error
occurred:
The operation failed. The error is: Access is denied.

Just a note that if I go to domain B and check the security log it shows
my admin getting successfully authenticated from the domain A server.

Thanks much
Brett Bishop
MCSE

Follow-Ups:
- Re: Problem Setting up Trust
  - From: Brett Bishop

References:
- Problem Setting up Trust
  - From: Brett Bishop

Prev by Date: Re: replication failed access denied
Next by Date: Re: Problem Setting up Trust
Previous by thread: Re: Problem Setting up Trust
Next by thread: Re: Problem Setting up Trust
Index(es):
- Date
- Thread

Relevant Pages

Re: Trust between two Forests Fail
... Microsoft Technet "When to create a Forest Trust" a Forest trust fits ... services under Windows Active Directory (DNS, WINS and so on), Company B ...
(microsoft.public.windows.server.active_directory)
Re: Active Directory Restructure Question
... If you are building a new forest you can use the Active Directory ... To start would have to establish dns connectivity both ways, ... Once established you can then go and create your external trust, ... domains for your UNIX/LINUX servers, ...
(microsoft.public.windows.server.active_directory)
Re: Trust between two Forests Fail
... Microsoft Technet "When to create a Forest Trust" a Forest trust fits ... services under Windows Active Directory (DNS, WINS and so on), Company B ... Presumably you setup secondary DNS on each DNS server set for the OTHER ...
(microsoft.public.windows.server.active_directory)
RE: Domain Trusts
... since forest trusts is not supported in pre-2003 modes. ... forest trust, make sure to initiate the trust wizard from Admin.local and not ... OS is server 2003 standard edition, the domain and forest function level is ... 2- Open the DNS console on the stdavids.local, go to the properties of the ...
(microsoft.public.windows.server.active_directory)
Re: creating one way trust
... of different forest. ... It sounds for me that you do not need/have a trust, ... Once everything is replicated from the win2k svr. ... Let me try to understan a little more about youre network. ...
(microsoft.public.windows.server.active_directory)