Solved

Native Mode Win2K Domain and NT4 Domain Trust - Can it be done?

Posted on 2004-03-28
Last Modified: 2013-12-19
We are on a Win2K Native Mode Domain and have just merged with another company which is on an NT4 Domain. The NT4 Domain will be upgraded to Win3K at a later date, but for now, can a trust relationship be established between the two safely? If so, how? Be specific, please. Any known issues, and does Microsoft approve of it?
0
Question by:Domitian
7 Comments
 

Accepted Solution

by:
visioneer earned 500 total points
ID: 10700140
Yes, you can establish an external trust in either direction (or both) from your forest to their domain.  

On your end, you would use Active Directory Domains and Trusts.  On their end, they would use User Manager.

http://support.microsoft.com/default.aspx?scid=kb;en-us;309682&Product=win2000

Perform the following steps to configure the one-way trust:
On a domain controller in the trusted domain, start the Active Directory Domains and Trusts console.
In the Domains that trust this domain pane, click Add.
In the Add Trusting Domain dialog box, type the name of the trusting domain, type a password, and then type the password again in the Confirm password box.
Click OK.
In the Active Directory dialog box, click OK to verify the trust.
Enter a user name and password of a user that has permissions to modify trust relationships in the trusting domain.

You receive a message that states that the trusting domain has been added and the trust verified.
Quit the Active Directory Domains and Trusts console.
On a domain controller in the trusting domain, start the Active Directory Domains and Trusts console.
Right-click the trusting domain and click Properties.
In the Domains trusted by this domain box, click Add.
In the Add Trusted Domain dialog box, type the name of the trusted domain and a password, and then type the password again in the Confirm Password dialog box.
Click OK.
NOTE: The DNS infrastructure must be in place so that domain controllers from each domain can find one another. You can configure Windows NT 4.0 domain trusts by using Windows NT 4.0 User Manager for Domains.

Create a One-Way Trust from a Windows NT 4.0 Domain to a Windows 2000 Domain
Add the Windows NT 4.0 domain as a trusting domain in the Windows 2000 Domains and Trusts console as described in steps 1 to 8 in the preceding section.
Start User Manager for Domains on a Windows NT 4.0 domain controller.
On the Policies menu, click Trust Relationships.
In the Trusted Domains pane, click Add.
In the Add Trusted Domain dialog box, type the trusted domain in the Domain box, type a password for the trust in the Password text box, and then click OK.
0
 

Expert Comment

by:bbao
ID: 10701282
I am afraid that you cannot implement this one-way trust from NT4 to W2K because your W2K servers are using NATIVE mode, which is NOT compatible with NT4's NTLM authentication. Anyway, give it a try if it is convenient.
0
 

Expert Comment

by:visioneer
ID: 10701405
Really?  That's interesting, because I've actually done it before.
0

Expert Comment

by:visioneer
ID: 10701420
Actually, bbao, I'm not sure where you get your information, but Windows Server 2000 maintains compatibility with down-level clients (Windows NT 4.0, Windows 95, and Windows 98), so it uses the NTLM and LM authentication protocols for logins, even when in "native" mode. This means that the stronger Kerberos v5 authentication is not used for those systems. NTLM and LM are still used. NTLMv2, released in Service Pack 4 for Windows NT 4, is supported in Windows 2000 if you properly configure the clients and servers.
0
 

Expert Comment

by:oBdA
ID: 10702066
You can safely create a one-way or two-way trust between a W2k(3) domain running in native mode and an NT4 domain. You only need to pay attention to the "RestrictAnonymous" value and, of course, that your NetBIOS name resolution works OK. The KB309682 article is about one-way trusts only; here are some more links that might be helpful (with KB308195, I created a two-way trust between a W2k3 domain running in W2k3 native mode and an NT4 domain without any problems):

HOW TO: Establish Trusts with a Windows NT-Based Domain in Windows 2000
http://support.microsoft.com/?kbid=308195

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/?kbid=180094

HOW TO: Create a Trust Between a Windows 2000 Domain and a Windows NT 4.0 Domain
http://support.microsoft.com/?kbid=306733

HOW TO: Determine Trust Relationship Configurations
http://support.microsoft.com/?kbid=228477

Unable to Bring Up the User List from a Windows NT 4.0 Trusted Domain on a Windows 2000-Based Server
http://support.microsoft.com/?kbid=291684

The RestrictAnonymous Value Breaks the Trust in a Mixed-Domain Environment
http://support.microsoft.com/?kbid=296403

HOW TO: Set up a One-Way Non-Transitive Trust in Windows 2000
http://support.microsoft.com/?kbid=309682

Cannot Set Up Trust in Windows 2000 Domain from Windows NT 4.0
http://support.microsoft.com/?kbid=255551
0
 

Expert Comment

by:piddle61
ID: 11925031
Native mode will only stop you having WinNT domain controllers in your domain. As above, you can set up external trusts using AD sites and services.
0
 

Expert Comment

by:network511
ID: 13250376
I can set up the trust between NT 4.0 and Windows 2000 domains but cannot verify the trust; I keep getting "Access is denied."

I have used LMHOSTS files, still no luck. Both domains are from two companies that have merged.
0
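
The NetBIOS name resolution requirement and the LMHOSTS approach mentioned in the comments above, as an added example that is not part of the original thread or of the linked KB articles: it builds the two LMHOSTS lines used for domain validation (a `#PRE #DOM:` line for the PDC, plus the quoted domain name padded to 15 characters and followed by `\0x1b`) and flags hand-typed entries whose padding is wrong. The domain names, host names and documentation-range addresses are hypothetical.

```python
import re

NAME_LEN = 15            # NetBIOS names are space-padded to 15 characters
PDC_TYPE = r"\0x1b"      # 16th byte 0x1B: the name the domain's PDC registers
QUOTED = re.compile(r'"([^"]*)"')

def lmhosts_entries(pdc_ip, pdc_name, domain):
    """Build the two LMHOSTS lines a remote DC needs to find this domain's PDC."""
    pdc_name, domain = pdc_name.upper(), domain.upper()
    for name in (pdc_name, domain):
        if not 1 <= len(name) <= NAME_LEN:
            raise ValueError(f"NetBIOS name must be 1-15 characters: {name!r}")
    special = domain.ljust(NAME_LEN) + PDC_TYPE   # always 20 characters
    return [
        f"{pdc_ip}\t{pdc_name}\t#PRE #DOM:{domain}",
        f'{pdc_ip}\t"{special}"\t#PRE',
    ]

def check_special_names(text):
    """Return (line_no, message) for quoted names whose padding is wrong."""
    problems = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for quoted in QUOTED.findall(line):
            name, sep, type_hex = quoted.rpartition("\\0x")
            if not sep:
                continue                      # ordinary quoted name, no type byte
            if len(name) != NAME_LEN or not re.fullmatch(r"[0-9A-Fa-f]{2}", type_hex):
                problems.append(
                    (line_no, f"expected 15 chars + \\0xNN, got {len(name)} chars: {quoted!r}")
                )
    return problems

# Constructed sample: hypothetical domains OLDCORP (NT4) and NEWCORP (Windows 2000),
# documentation-range addresses. The last line is hand-typed with too little padding.
SAMPLE = "\n".join(
    lmhosts_entries("192.0.2.10", "nt4pdc", "oldcorp")
    + lmhosts_entries("198.51.100.20", "w2kdc1", "newcorp")[:1]
    + ['198.51.100.20\t"NEWCORP   \\0x1b"\t#PRE']
)

if __name__ == "__main__":
    print(SAMPLE)
    for line_no, message in check_special_names(SAMPLE):
        print(f"line {line_no}: {message}")
```

After editing LMHOSTS on a domain controller, `nbtstat -R` purges the NetBIOS name cache and reloads the `#PRE` entries.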
