Setting up trusts

[Rick]

Please could someone help. I am trying to set up trusts
between two Windows 2000 forests. I was having problems
getting the two domains to resolve each other. I then
added the following to an LMhosts files on both of the
domain controllers that I was trying to set up the trusts
from:

10.0.14.1 ofcom001 #PRE #DOM:OFCOM
10.0.14.1 "OFCOM \0x1b" #PRE
The other DC had the opposite information.

This was to allow the dc's to know who the PDC for the
other domain was in order to authenticate. This enabled me
to configure the trusts ok but as this is only in an
LMhosts file the trusting domain is only available on
those DC's and when I try to allocate permissions to a
resource on another computer in the domain to an account
in the trusting domain I get a message saying that the
server is not operational. My question is how do I achieve
the same as the LMhost file in DNS so that all servers
will be able to resolve the DC for the trusting domain.

Thanks in advance.

Rick

 

[Kevin D. Goodknecht [MVP]]

In

Please could someone help. I am trying to set up trusts
between two Windows 2000 forests. I was having problems
getting the two domains to resolve each other. I then
added the following to an LMhosts files on both of the
domain controllers that I was trying to set up the trusts
from:

10.0.14.1 ofcom001 #PRE #DOM:OFCOM
10.0.14.1 "OFCOM \0x1b" #PRE
The other DC had the opposite information.

This was to allow the dc's to know who the PDC for the
other domain was in order to authenticate. This enabled me
to configure the trusts ok but as this is only in an
LMhosts file the trusting domain is only available on
those DC's and when I try to allocate permissions to a
resource on another computer in the domain to an account
in the trusting domain I get a message saying that the
server is not operational. My question is how do I achieve
the same as the LMhost file in DNS so that all servers
will be able to resolve the DC for the trusting domain.

Thanks in advance.

Rick

The reason you get the server is not operational is because it cannot find
the DCs SRV records, or at least with an address it can use.
Set up a VPN link between the networks then use a secondary zone for the
other AD domain in DNS on each DC. That is the typical resolution.

 

[Ace Fekay [MVP]]

In

The reason you get the server is not operational is because it cannot find
the DCs SRV records, or at least with an address it can use.
Set up a VPN link between the networks then use a secondary zone for the
other AD domain in DNS on each DC. That is the typical resolution.

Kevin, actually trusts between two domains of different forests are
NetBIOS/NTLM based, not DNS/Kerberos, unless it's W2k3, which has forest
trusts functionality. I believe Rick here is just trying it between two
Domains.

My suggestions is to use WINS. Easy, foolproof and it just works. The
LMHOSTS thing has worked for me before, so not sure what the problem is
here, unless there is just no NetBIOS support between the subnets, assuming
these are on different subnets. WINS again...

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht [MVP]]

In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted a question
Then Kevin replied below:

Kevin, actually trusts between two domains of different forests are
NetBIOS/NTLM based, not DNS/Kerberos, unless it's W2k3, which has
forest trusts functionality. I believe Rick here is just trying it
between two Domains.

OOOF, I stand corrected I guess I just try to get resolution Duh, wake
up Kevin.

 

[Ace Fekay [MVP]]

In

OOOF, I stand corrected I guess I just try to get resolution Duh,
wake up Kevin.

Smile!!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory