Trust between 2000 and 2003 domain

Herb Martin

Jetze Mellema (MS MVP) said:
We have a customer who wants to merge 2 parts of his organisation.

DomainA:
Windows 2003 domain, only domain in forest
Domain functional level: Windows 2000 Mixed
Exchange 2003 server

DomainB:
Windows 2000 domain, only domain in forest
Domain functional level: Native mode
Windows clients

Eventually the 2 domains will be merged but in phase 1 the users in DomainB
want to connect their Outlook to the Exchange server in DomainA.

I understand that I have to create a forest trust, but is it necessary to
upgrade the Windows 2000 domain controller first?

Yes, for a "forest trust", but you can also use External Trusts which
work with Win2000 (and any mode/level of Win2003.)

At this point I can't see the forest for the trees and I could definitely
use some guidance.

Ignore trees they are practically unimportant except in very limited
naming issues.

To make things even more complex both domains have the same NETBIOS name.

You are likely hosed. External trusts generally use NetBIOS.

If you can get one of the domains/forests to Win2003 Server Native mode and
Win2003 Forest Functional Level it can be renamed.

You will also have trouble with the migration in such cases.

You might do a two-step migration to some other domain name and then
migrate or trust the other domain.
 
Jetze Mellema (MS MVP)

We have a customer who wants to merge 2 parts of his organisation.

DomainA:
Windows 2003 domain, only domain in forest
Domain functional level: Windows 2000 Mixed
Exchange 2003 server

DomainB:
Windows 2000 domain, only domain in forest
Domain functional level: Native mode
Windows clients

Eventually the 2 domains will be merged but in phase 1 the users in DomainB
want to connect their Outlook to the Exchange server in DomainA.

I understand that I have to create a forest trust, but is it necessary to
upgrade the Windows 2000 domain controller first? At this point I can't see
the forest for the trees and I could definitely use some guidance.

To make things even more complex both domains have the same NETBIOS name.
;-(
--
Kind regards,

Jetze Mellema (MS MVP)
http://www.mellema.net/homecomputers
How to ask a question: http://support.microsoft.com/?id=555375
 
Jimmy Andersson

Hi,

I agree with Herb, a two-step approach will, IMHO, be easier. If you choose
to use the "domain rename option" it has a couple of caveats that need to
be considered... Such as what applications do you have installed, some of
them need (most likely) to be reinstalled etc...

My 2 cents...

Regards,
/Jimmy
 
Herb Martin

Jimmy Andersson said:
Hi,

I agree with Herb, a two-step approach will, IMHO, be easier. If you
choose to use the "domain rename option" it has a couple of caveats that
need to be considered... Such as what applications do you have installed,
some of them need (most likely) to be reinstalled etc...


And I have to wonder: Who named this the same and WHY?

Is this one of those cases where the admins thought to upgrade
to Win2003 by doing a NEW domain install instead of just
upgrading the existing domain? (i.e., the EASY way)
 
Jimmy Andersson [MVP]

Hi,

I'm not sure what you mean with "And I have to wonder: Who named this the
same and WHY?" so I need to ask for clarification, please.

If you mean, that the short-term solution is to upgrade in order to do a
forest trust, I agree that will be one quick way. But if the long-term
solution will be to merge the two domains, why not do the two-step approach
right away? Since they have the same NetBIOS name they will have issues if
they don't separate the two completely...

But as mentioned at the top, I might have misunderstood you Herb. And if
that is the case, please help me understand what you mean (English is not my
native language)...

Regards,
/Jimmy
 
Herb Martin

Jimmy Andersson said:
Hi,

I'm not sure what you mean with "And I have to wonder: Who named this the
same and WHY?" so I need to ask for clarification, please.

Why would anyone install a second Domain and give it the same name, even
the same NetBIOS name?

If you mean, that the short-term solution is to upgrade in order to do a
forest trust, I agree that will be one quick way. But if the long-term
solution will be to merge the two domains, why not do the two-step
approach right away? Since they have the same NetBIOS name they will have
issues if they don't separate the two completely...

But as mentioned at the top, I might have misunderstood you Herb. And if
that is the case, please help me understand what you mean (English is not
my native language)...

Your English is a LOT better than my [insert your native language here].

:) <grin>
 
Jimmy Andersson [MVP]

Inline.

....and now I understand! :)

Regards,
/Jimmy
--------------------------------------------------
Jimmy Andersson, Principal Advisor - Q Advice AB
Microsoft MVP - Directory Services & Security
--------------- www.qadvice.com ----------------

Herb Martin said:
Why would anyone install a second Domain and give it the same name, even
the same NetBIOS name?
[Jimmy]
Totally agree :)
If you mean, that the short-term solution is to upgrade in order to do a
forest trust, I agree that will be one quick way. But if the long-term
solution will be to merge the two domains, why not do the two-step
approach right away? Since they have the same NetBIOS name they will have
issues if they don't separate the two completely...

But as mentioned at the top, I might have misunderstood you Herb. And if
that is the case, please help me understand what you mean (English is not
my native language)...

Your English is a LOT better than my [insert your native language here].

:) <grin>
[Jimmy]
Wouldn't say that :)
 
Herb Martin

Your English is a LOT better than my [insert your native language here].

:) <grin>
[Jimmy]
Wouldn't say that :)

What is your native language?

I speak really bad German, French, Spanish, and a (very) little Russian,
Nederlands, and Arabic. (Or I did at one time and would need practice
to say anything useful.)

Languages are a hobby of mine.
 
Jimmy Andersson [MVP]

Hi,

My native language is Swedish, though I understand/speak most of Norwegian
and Danish. German, Spanish and French is no talk just listen for me, and
hopefully I understand some of the words enough to know what they are
talking about :)

Regards,
/Jimmy
--------------------------------------------------
Jimmy Andersson, Principal Advisor - Q Advice AB
Microsoft MVP - Directory Services & Security
--------------- www.qadvice.com ----------------

Herb Martin said:
Your English is a LOT better than my [insert your native language here].

:) <grin>
[Jimmy]
Wouldn't say that :)

What is your native language?

I speak really bad German, French, Spanish, and a (very) little Russian,
Nederlands, and Arabic. (Or I did at one time and would need practice
to say anything useful.)

Languages are a hobby of mine.
 
Herb Martin

Jimmy Andersson said:
Hi,

My native language is Swedish, though I understand/speak most of Norwegian
and Danish. German, Spanish and French is no talk just listen for me, and
hopefully I understand some of the words enough to know what they are
talking about :)

You probably speak better Danish, German, Spanish and French than
any of my languages -- I am fluent in NOTHING besides English, but
I can find my way around, shop and get dinner or a hotel.
 
Paul Williams [MVP]

That's more than me. I just look blankly, hope they're not abusing me, and
smile and hope someone will help me... : )
 
Jimmy Andersson [MVP]

....as long as I can get food and (put favourite drink here) I'm happy :)

Regards,
/Jimmy
 
Herb Martin

Paul Williams said:
That's more than me. I just look blankly, hope they're not abusing me,
and smile and hope someone will help me... : )

So you must never visit France then. <grin>
 
Jetze Mellema (MS MVP)

Herb Martin said:
Why would anyone install a second Domain and give it the same name, even
the same NetBIOS name?

I am very glad that I can say that I had nothing to do with that. :) The
customer started with an internal domain called businessname.local. Next
they built a second environment for their external offices, a single
domain with EX2k3 and CRM. This domain is called businessname.extra and is
hosted externally. The NETBIOS name of both domains is businessname.

But now they want their local workers to use Exchange and the CRM
application from the hosted environment. So they asked how to do that from
their local environment. Also they want some centralized management and
administration but I guess that's a bridge too far for the moment.

I guess that their internal users have to make a second Outlook profile to
connect and authenticate to the Exchange server. I will look further into
the possibilities of a two step migration. Thanks for your help.
--
Kind regards,

Jetze Mellema (MS MVP)
http://www.mellema.net/homecomputers
How to ask a question: http://support.microsoft.com/?id=555375
 
Herb Martin

Jetze Mellema (MS MVP) said:
I am very glad that I can say that I had nothing to do with that. :) The ....

But now they want their local workers to use Exchange and the CRM
application from the hosted environment. So they asked how to do that from
their local environment. Also they want some centralized management and
administration but I guess that's a bridge too far for the moment.

What specifically does "some centralized management" mean?

What specifically do they wish to be able to do?

(My suspicion is that you/they may think that being in the same forest
means more than it really does...mostly it is about sharing resources
and being able to [manually] admin users in other domains of the forest,
actually 'users' are technically just 'resources' to an admin.).

I guess that their internal users have to make a second Outlook profile to
connect and authenticate to the Exchange server. I will look further into
the possibilities of a two step migration. Thanks for your help.

Ask the Exchange guys. They may be able to authenticate directly with
Exchange (2 accounts) but I am not the expert on Exchange.

Kind regards,

Thank you.
 
Jetze Mellema (MS MVP)

Herb Martin said:
What specifically does "some centralized management" mean?

Currently the internal users have two separate accounts in both domains. The
customer wants one Active Directory, one place to manage distribution lists,
multiple DCs per domain (the current domains have only one DC), one Exchange
organization, etcetera.

Ask the Exchange guys. They may be able to authenticate directly with
Exchange (2 accounts) but I am not the expert on Exchange.

I think this will work, I just tested it.
--
Kind regards,

Jetze Mellema (MS MVP)
http://www.mellema.net/homecomputers
How to ask a question: http://support.microsoft.com/?id=555375
 
Jetze Mellema (MS MVP)

Jetze Mellema (MS MVP) said:
We have a customer who wants to merge 2 parts of his organisation.

DomainA:
Windows 2003 domain, only domain in forest
Domain functional level: Windows 2000 Mixed
Exchange 2003 server

DomainB:
Windows 2000 domain, only domain in forest
Domain functional level: Native mode
Windows clients

Eventually the 2 domains will be merged but in phase 1 the users in DomainB
want to connect their Outlook to the Exchange server in DomainA.

I understand that I have to create a forest trust, but is it necessary to
upgrade the Windows 2000 domain controller first? At this point I can't
see the forest for the trees and I could definitely use some guidance.

To make things even more complex both domains have the same NETBIOS name.
;-(

Correction:

The first domain:
Domain: my-company.local
NETBIOS: mycompany

The second domain:
Domain: my-company.extra
NETBIOS: my-company

I made a mistake, only the first part of the FQDN is the same, the NETBIOS
name is actually different, one of them contains a hyphen.

Any advice?
--
Kind regards,

Jetze Mellema (MS MVP)
http://www.mellema.net/homecomputers
How to ask a question: http://support.microsoft.com/?id=555375
 
Herb Martin

Yes, Win2003 Forest Functional Level is required on BOTH domains
for a Forest Level Trust to work.

Correction:
I made a mistake, only the first part of the FQDN is the same, the NETBIOS
name is actually different, one of them contains a hyphen.

Then an "EXTERNAL trust" (or pair of them) might be perfectly sufficient.
 
