join 2 seperate Windows 2000 forests

We have two physical sites that have worked independately. we now have a hardware VPN established between the two Physical site..

I now would like to blue.local to be able to trust blue.com.
Both pysical sites use different IP subnets.  

How do i go about link the two sites in Windows 2000 server, so users can access the other sites without authenication issues ?


Many Thanks In advance for your help
itsol187Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ocon827679Commented:
Why not set up a 2-way trust between the domains?  You don't want to join them in a single forest if there is a possibility that there have been schema changes in one that are different than the other.
Casca1Commented:
If the domains (and forests) are already in place, the only solution here is to follow ocon827679's suggestion and establish 2 one way trusts between the domains, unless you created one as a child domain of the other, I.E. Blue.com as the root domain in the forest, and Blue.local as the sub-domain.
JConchieCommented:
Or go to Windows 20003 where inter-forest transitive trusts are possible....and you don't have to set up individual trusts with each individual domain.
itsol187Author Commented:
thanks for your feedback

i have tried to create a explicit trust relationship, but get the following message ..


The blue.com domain cannot be contacted.If this domain is a windows domain, the trusts cannot be setup utill the domain is contacted.


I can ping the IP address of the Windows DC at blue.com.  Am i missing something here ?
ocon827679Commented:
Sounds like a name resolution problem.  These are both W2K domains right?  The easiest way to get them to see each other is to make each domains DNS a secondary of the other.  That way there will be a copy of the DNS in each domain.  Just go into the DNS manager and create a new forward lookup zone.  Select the zone to be a secondary and follow the instructions to add the other domains DNS.  Once the replication has occurred, you should be ableto set up the trust.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.