Trust iand different forests

[Guest]

Hi all,

When creating an external trust between a win2003 forest and a win2000
forest. What type of mode does both the 2000 forest and 2003 forest have to
be? do they both have to be on native mode? Can someone please help me?

Thank you,
Most appreciative

 

[Jorge Silva]

Hi

External Trust can be created in Windows 2000 Mixed/Native or Windows 2003.
This trust is Nontransitive and can be 1 or two way.


--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator

 

[Ace Fekay [MVP]]

In

Hi all,

When creating an external trust between a win2003 forest and a win2000
forest. What type of mode does both the 2000 forest and 2003 forest
have to be? do they both have to be on native mode? Can someone
please help me?

Thank you,
Most appreciative

To add to Jorge's response: External trusts are based on NTLM and required
NetBIOS support if across subnets, such as WINS. THey are not DNS based,
such as a true Forest Windows 2003 to another 2003 forest trust.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

 

[Jorge de Almeida Pinto [MVP]]

you can also use DNS as a name resolution mechanism instead of NetBIOS

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------

In

Hi all,

When creating an external trust between a win2003 forest and a win2000
forest. What type of mode does both the 2000 forest and 2003 forest
have to be? do they both have to be on native mode? Can someone
please help me?

Thank you,
Most appreciative

To add to Jorge's response: External trusts are based on NTLM and required
NetBIOS support if across subnets, such as WINS. THey are not DNS based,
such as a true Forest Windows 2003 to another 2003 forest trust.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's
name, watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

 

[Jorge de Almeida Pinto [MVP]]

and you may want to take the following into account:
MS-KBQ916474_How to optimize pass-through authentication of user accounts
after you create an external trust between two Microsoft Windows Server 2003
Service Pack 1 (SP1)-based forests
http://support.microsoft.com/?id=916474

"Multiple Forest Considerations in Windows 2000 and Windows Server 2003"
white paper
http://www.microsoft.com/downloads/...4b-0f21-4553-a0a5-6946eb074dd7&displaylang=en

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------
"Jorge de Almeida Pinto [MVP]"

you can also use DNS as a name resolution mechanism instead of NetBIOS

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------

In

Hi all,

When creating an external trust between a win2003 forest and a win2000
forest. What type of mode does both the 2000 forest and 2003 forest
have to be? do they both have to be on native mode? Can someone
please help me?

Thank you,
Most appreciative

To add to Jorge's response: External trusts are based on NTLM and
required NetBIOS support if across subnets, such as WINS. THey are not
DNS based, such as a true Forest Windows 2003 to another 2003 forest
trust.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook
Express or any other newsreader), and configure a news account, pointing
to news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
you to easily find, track threads, cross-post, sort by date, poster's
name, watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

 

[Ace Fekay [MVP]]

In Jorge de Almeida Pinto [MVP]

you can also use DNS as a name resolution mechanism instead of NetBIOS

Jorge,

Didn't we discuss this in the past about NTLM style trusts wouldn't work
with DNS resolution?? I remember someone saying they thought they got it to
work, but found it didn't, unless it was using SMBs?

 

[Jorge de Almeida Pinto [MVP]]

Yep, I remember discussing this.

I have found this to work. First I believed it did work, until...

(1) I saw it working at a customers site
(2) Doing tests using Dean Well's ESX environment (he confirmed it to)

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Ace Fekay [MVP]]

In Jorge de Almeida Pinto [MVP]

Yep, I remember discussing this.

I have found this to work. First I believed it did work, until...

(1) I saw it working at a customers site
(2) Doing tests using Dean Well's ESX environment (he confirmed it to)

Cool. If I remember, wasn't it DirectSMB based and not NetBIOS resolution?

Ace

 

[Jorge de Almeida Pinto [MVP]]

direcsmb = port 445 right?
on the customers site they had NO WINS, lmhosts or whatever interaction for
NetBIOS nameresolution

the tests Dean and I did, even NetBIOS was fully disabled...

in both cases it worked

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Ace Fekay [MVP]]

In Jorge de Almeida Pinto [MVP]

direcsmb = port 445 right?
on the customers site they had NO WINS, lmhosts or whatever
interaction for NetBIOS nameresolution

the tests Dean and I did, even NetBIOS was fully disabled...

in both cases it worked

Correct, Direct SMB=445. So if netBIOS was disabled, it must have been
Direct SMB.

Ineresting...