trusts between forests


tonyl

Is there any way to create a trust between two domains in
separate forests? They are both Windows 2000 domains.
 

Steven L Umbach

Yes. But they will be non-transitive trusts like those used in NT4.0.
Difficulty usually arises as the domain controllers cannot find each other
from the other domain. One solution may be to create a secondary DNS zone of
the other domain on your AD DNS server. I suggest you post in the
win2000.active_directory newsgroup for more details/tricks/traps. --- Steve

http://www.windowsitlibrary.com/Content/617/06/5.html
 

Ben [MSFT]

Steven,

Actually when we create a trust between 2 W2K domains in separate forests
we will be creating an NTLM trust as opposed to a Kerberos trust (such as
an intra-domain transitive trust).

Since we are using NTLM we will initially rely on NetBIOS name resolution.
If the WINS servers for each domain do not perform any sort of push/pull
replication then one solution would be lmhosts files on the PDC Emulators
of each domain.
Within the lmhosts file you should ensure that they can resolve the 1B and
1C record for the other domain and the 00, 03 and 20 record for the other
PDC Emulator.
This is outlined further in KB article 180094:
http://support.microsoft.com/?id=180094.

blim
This posting is provided "AS IS" with no warranties, and confers no rights.
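
The LMHOSTS entries described in the reply above, as an added example that is not part of the original posts: a small Python generator and checker for the PDC emulator entry and the domain's 1B entry, using the standard LMHOSTS `#PRE`, `#DOM:` and quoted `\0xNN` syntax. The domain name `CORPB`, host name `PDC-B01` and address `192.0.2.10` are constructed placeholders.

```python
import re

def lmhosts_entries(domain, pdc_name, pdc_ip):
    """Build LMHOSTS lines so a DC in the other forest can find `domain`'s PDC emulator."""
    for label, name in (("domain", domain), ("PDC", pdc_name)):
        if not 1 <= len(name) <= 15:
            raise ValueError(f"{label} NetBIOS name must be 1-15 characters: {name!r}")
    domain, pdc_name = domain.upper(), pdc_name.upper()
    # Computer-name entry for the PDC emulator; #DOM also lists it as a
    # domain controller (1C group) for the domain, #PRE preloads the entry.
    host_line = f"{pdc_ip}\t{pdc_name}\t#PRE #DOM:{domain}"
    # 1B entry: domain name padded with spaces to 15 characters, then the
    # 16th byte written as \0x1b, all inside quotes (20 characters in total).
    pdc_line = f'{pdc_ip}\t"{domain.ljust(15)}\\0x1b"\t#PRE'
    return [host_line, pdc_line]

_QUOTED = re.compile(r'"([^"]*)"')
_SPECIAL = re.compile(r".{15}\\0x[0-9A-Fa-f]{2}")

def check_lmhosts(text):
    """Return (line_number, problem) for quoted entries with wrong padding."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        match = _QUOTED.search(line.split("#", 1)[0])  # ignore keywords/comments
        if match and not _SPECIAL.fullmatch(match.group(1)):
            problems.append((number, f"quoted name is {len(match.group(1))} "
                                     "characters, expected 15 + \\0xNN"))
    return problems

if __name__ == "__main__":
    # Constructed sample values: CORPB / PDC-B01 / 192.0.2.10 are placeholders.
    for entry in lmhosts_entries("corpb", "pdc-b01", "192.0.2.10"):
        print(entry)
    print(check_lmhosts('192.0.2.10 "CORPB\\0x1b" #PRE'))
```

The checker is useful on hand-edited files, where a quoted 1B entry with the wrong amount of padding is easy to miss by eye.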
 

Steven L Umbach

Thanks for that information Ben! --- Steve

 
