T
tonyl
Is there anyway to create a trust between two domains in
separate forests? they are both Windows 2000 domains.
separate forests? they are both Windows 2000 domains.
A
Ace Fekay [MVP]
tonyl said:
Yes, that would be called an external trust and is done specifically between
two domains. This sort of trust requires NetBIOS resolution and NTLM
authentication, since an external is the same as an NT4 trust. It does not
use DNS. If the domains are on different subnets, then you would need to
support NetBIOS resolution, and the best way is to use WINS for that.
Go into AD Domains and Trusts and you set it up in there, just as you would
an old NT trust.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
J
Jimmy Andersson [MVP]
http://support.microsoft.com/?id=309682
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
"Ace Fekay [MVP]"
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
"Ace Fekay [MVP]"
A
Ace Fekay [MVP]
In
That link's alot easier than trying to explain it!
Ace
Jimmy Andersson said:
That link's alot easier than trying to explain it!
Ace
J
Jimmy Andersson [MVP]
Agree!
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
"Ace Fekay [MVP]"
Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------
"Ace Fekay [MVP]"
G
Guest
Ace,
I have this scenario you mention, where I need to establish an external trust between 2 forests on different segments. Do you know which WINS records I must add, and to where?
cheers,
chris
I have this scenario you mention, where I need to establish an external trust between 2 forests on different segments. Do you know which WINS records I must add, and to where?
cheers,
chris
A
Ace Fekay [MVP]
In
I don't have a WINS server in front of me, but if you want to create it
manually, you can look at your existing DC's registration in WINS and mimic
it. If you just create a record, it will create 3 entries of it. You'll just
have to create the extra entry that identifies it as a DC (or whatever it
says, since I can exactly remember at this time).
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Chris said:
I don't have a WINS server in front of me, but if you want to create it
manually, you can look at your existing DC's registration in WINS and mimic
it. If you just create a record, it will create 3 entries of it. You'll just
have to create the extra entry that identifies it as a DC (or whatever it
says, since I can exactly remember at this time).
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
D
David Brandt [MSFT]
Trusts require Two way communication between the pdc's of the respective
domains (either nt or 2k) even for a one way trust. The nt4 pdc and win2k
pdce must be able to talk with each other, and they will be looking for the
1Bh record (1B) in either wins or from an lmhosts file. If using wins, then
you must see the 1b record with the name of the domain and the ip address of
the pdc for that respective domain, for both domains. Don't know if you
have wins in each domain doing push/pull or just using one wins server for
both.
Sometimes an easier way though to get them established is to just use an
lmhosts file to register the 1b in cache. Look at the following and be sure
that you see the 1b registration when you run the nbtstat commands. (If you
see the others but not the 1b, the most common reason is that there is not
Exactly 20 spaces between the double " ". If you don't see anything, then
most often, there is a txt extension on the lmhosts file which prevents it
from being read, and all extensions must be removed)
180094 How to Write an LMHOSTS File for Domain Validation and Other Name
http://support.microsoft.com/?id=180094
--
David Brandt
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"Ace Fekay [MVP]"
domains (either nt or 2k) even for a one way trust. The nt4 pdc and win2k
pdce must be able to talk with each other, and they will be looking for the
1Bh record (1B) in either wins or from an lmhosts file. If using wins, then
you must see the 1b record with the name of the domain and the ip address of
the pdc for that respective domain, for both domains. Don't know if you
have wins in each domain doing push/pull or just using one wins server for
both.
Sometimes an easier way though to get them established is to just use an
lmhosts file to register the 1b in cache. Look at the following and be sure
that you see the 1b registration when you run the nbtstat commands. (If you
see the others but not the 1b, the most common reason is that there is not
Exactly 20 spaces between the double " ". If you don't see anything, then
most often, there is a txt extension on the lmhosts file which prevents it
from being read, and all extensions must be removed)
180094 How to Write an LMHOSTS File for Domain Validation and Other Name
http://support.microsoft.com/?id=180094
--
David Brandt
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
"Ace Fekay [MVP]"
A
Ace Fekay [MVP]
In
Thanks for posting that link David. Had it buried in my favorites and
couldn't find it at the time.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
David Brandt said:
Thanks for posting that link David. Had it buried in my favorites and
couldn't find it at the time.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
A
Ace Fekay [MVP]
In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
posted their thoughts, then I offered mine
Here's another link to add on a how-to:
Chapter 10 - Using LMHOSTS Files:
http://www.microsoft.com/technet/prodtechnol/winntas/reskit/net/sur_lmh.asp
Also, here's one I had in my archives (from a post from Nov, 2002) that may
help:
===================================
If I understand this correctly, I had the same problem.
Try creating entries in the LMHOSTS files on each server with the other
domains information. For example:
on Server01
<Server02 IP> <SERVER2NAME> #PRE #DOM:<DOMAIN2NAME> #Primary DC
<Server02 IP> "<DOMAIN2> \0x1b" #PRE
on Server02
<Server01 IP> <SERVER1NAME> #PRE #DOM:<DOMAIN1NAME> #Primary DC
<Server01 IP> "<DOMAIN1> \0x1b" #PRE
Note: The second lines have a SPECIFIC format:
<IP> "123456789012345*7890"
Use this as a template and make sure to replace the * with /. The number of
places and total length between quotes must match this template (20 places
total)...
Hope this helps!
=======================================
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
posted their thoughts, then I offered mine
Here's another link to add on a how-to:
Chapter 10 - Using LMHOSTS Files:
http://www.microsoft.com/technet/prodtechnol/winntas/reskit/net/sur_lmh.asp
Also, here's one I had in my archives (from a post from Nov, 2002) that may
help:
===================================
If I understand this correctly, I had the same problem.
Try creating entries in the LMHOSTS files on each server with the other
domains information. For example:
on Server01
<Server02 IP> <SERVER2NAME> #PRE #DOM:<DOMAIN2NAME> #Primary DC
<Server02 IP> "<DOMAIN2> \0x1b" #PRE
on Server02
<Server01 IP> <SERVER1NAME> #PRE #DOM:<DOMAIN1NAME> #Primary DC
<Server01 IP> "<DOMAIN1> \0x1b" #PRE
Note: The second lines have a SPECIFIC format:
<IP> "123456789012345*7890"
Use this as a template and make sure to replace the * with /. The number of
places and total length between quotes must match this template (20 places
total)...
Hope this helps!
=======================================
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
A
Ace Fekay [MVP]
In
Domain functional mode really has nothing to do with WINS. WINS is just a
NetBIOS enterprise name resolution support tool.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Chris said:
Domain functional mode really has nothing to do with WINS. WINS is just a
NetBIOS enterprise name resolution support tool.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory