• Status: Solved

Active Directory Forest Problem & Trusts

Ok, I have an interesting issue that I hope I can get a resolution on.

Let me state the facts first:

1. About a year ago we opened a new remote location and installed a new server as a separate domain and named it remote1.mydomain.com. It was created in a new tree & new forest (I guess the thinking was that it was going to be a separate entity and that 2000 Server was nowhere else in our organization).

2. A month ago our corporate offices upgraded to 2000 & AD. The domain was named mydomain.com and was created in a new tree & new forest (still no one was thinking that the 2 domains needed to access each other).

3. Upgraded to Exchange 2000 Server and then decided that it was an urgent necessity to have these two domains trust each other.

Problem:

The issue is that I cannot for the life of me get these 2 domains to trust each other. They are in separate forests & trees but have a similar DNS name (one called remote1.mydomain.com & mydomain.com). I originally thought it was a DNS resolution issue, but now I really don't know and was hoping some of you experts might be able to assist me.

Demoting & re-promoting the remote location should be considered a last resort, as well as upgrading it to 2003 Server and renaming it.

Can I create a trust between these two locations?
Thanks. Also, question points will be increased to 500 shortly (250 is all I have right now but I am purchasing more).
Asked:
lindows101
 
NetoMeter Screencasts Commented:
Hi!
My question is about “remote1.mydomain.com”.
Is that the name of the remote Domain or the name of the remote Domain Controller in the duplicate domain “mydomain.com”?
I am thinking about the following trick. Let’s call the main domain - Domain1 and the remote domain - Domain2.
The idea is to create a child domain at the remote location – child.Domain1. Then delegate a DNS zone for child.Domain1 at Domain2. Then create a cross-forest trust between child.Domain1 and Domain2. The final step would be moving the users with ADMT.
Of course that has to be done in a Lab environment first. If I have some time today I’ll give it a try.

I do not think that there is a way to merge the two AD because they have different Schemas and different GC’s.
If Remote1.mydomain.com is not the name of the DC at Domain2 but the FQDN of Domain2 then you can try to create a zone delegation at Domain1 for the zone “remote1.mydomain.com” to the DC at Domain2. Set a forwarder at the DNS server at Domain2 pointing to Domain1’s DNS server and try creating a cross-forest trust.

NetoMeter
 
ocon827679 Commented:
I think that your problem is that the domains are the same name - mydomain.com.  The remote1.mydomain.com is being viewed as a subdomain of mydomain.com.  I would think that AD is having a problem with this naming since the remote1.etc is a logical subdomain of mydomain.com.

You might want to try taking a workstation or server and installing W2K Server, promoting it to another domain, with a totally different name, like joe.com.  Then see if you can set the trust, using the same procedures that you are using now.  If it works, then you're pointing at a naming issue.
 
lindows101 (Author) Commented:
Netometer,
The remote domain is actually named remote1.mydomain.com, the server is server1.remote1.mydomain.com


 
lindows101 (Author) Commented:
Netometer,
Now do I need to create any DNS entries on each end so the DCs can resolve each other?

I will try out your recommendation of zone delegation here in about an hour, but just wanted to see if I need to add some DNS records first so the DCs can find each other, or if that is what we are trying to accomplish by adding the zone delegation.
 
lindows101 (Author) Commented:
YEHAW!
Created the zone delegation, added the forwarder, and everything works excellent!!!

Netometer, you have no idea how much stress and frustration you just relieved from me!

I will accept the answer in a bit here (want to increase the points first, and am waiting on a refund from another question).
 
lindows101 (Author) Commented:
Actually... one more issue now... On my DC at our corporate offices (mydomain.com) I can access resources from the remote1.mydomain.com directory just fine. However, once I go to my Exchange server and try to make a user account change, it basically gives me a message that it cannot contact the domain. I am figuring that must be some sort of DNS resolution problem, but I cannot figure out why my DC running DNS can access it fine and this server cannot.... any clue?
 
lindows101 (Author) Commented:
The specific error I get is:

The server is not operational.
 
NetoMeter Screencasts Commented:
Hi!
I just finished replicating your configuration in a test lab and it worked fine.
I also have Exchange 2000 in Domain1, which is running on a separate server (not a domain controller), and everything works fine.
I would suggest installing the support tools from the Windows 2000 installation CD on your Exchange server – here is an example:
http://www.netometer.net/samples/adinitsteps/step1/step1.html
Try running this from a command prompt on the Exchange server (by the way, is Exchange running on a member server or on a DC?):
nltest /dsgetdc:yourdomain.com
nltest /dsgetdc:remote1.yourdomain.com
What is the result?

NetoMeter
 
lindows101 (Author) Commented:
Actually, I just needed to add SRV records in DNS for the remote domain and then everything functioned fine (after I used your method of course).

You saved me many headaches NetoMeter, thanks for spending the time to help me out.

Also.... I can award points now, or if you wait 3 days till my points are refunded in another question I can increase them to 500.. your call. But I would like to give you the max.
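Added example (not written by any poster in this thread): a PowerShell check, run on the member server that cannot reach the other domain, that the DC locator SRV records for both domains resolve and that each record's target host resolves too. It assumes a current Windows host where the DnsClient module's Resolve-DnsName is available (it is not present on the Windows 2000 servers discussed here); the function name Test-DcLocatorRecords is hypothetical and the domain names are the ones used in the thread.

```powershell
# Added example: verify the DC locator SRV records a member server needs
# before it can find a domain controller on either side of the trust.
# Domain names are the ones used in this thread; replace them with your own.
$Domains = 'mydomain.com', 'remote1.mydomain.com'

# SRV owner names that domain controllers register in DNS for their domain.
$Templates = '_ldap._tcp.dc._msdcs.{0}',
             '_kerberos._tcp.dc._msdcs.{0}',
             '_ldap._tcp.pdc._msdcs.{0}',
             '_ldap._tcp.{0}',
             '_kerberos._tcp.{0}'

function Test-DcLocatorRecords {
    param(
        [string[]]$Domain,
        [string]$Server   # optional: query this DNS server instead of the default
    )
    foreach ($d in $Domain) {
        foreach ($t in $Templates) {
            $name  = $t -f $d
            $query = @{ Name = $name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
            if ($Server) { $query.Server = $Server }
            # Keep only SRV answers; additional-section A records are dropped.
            $srv = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })

            if (-not $srv) {
                [pscustomobject]@{ Record = $name; Status = 'MISSING'; Target = $null; Port = $null; Address = $null }
                continue
            }
            foreach ($r in $srv) {
                # An SRV record only helps if its target host name also resolves.
                $aQuery = @{ Name = $r.NameTarget; Type = 'A'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
                if ($Server) { $aQuery.Server = $Server }
                $a = @(Resolve-DnsName @aQuery | Where-Object { $_.Type -eq 'A' })
                [pscustomobject]@{
                    Record  = $name
                    Status  = if ($a) { 'OK' } else { 'TARGET_UNRESOLVED' }
                    Target  = $r.NameTarget
                    Port    = $r.Port
                    Address = ($a.IPAddress -join ',')
                }
            }
        }
    }
}

Test-DcLocatorRecords -Domain $Domains | Format-Table -AutoSize
```

Running it once against the default resolver and once with -Server pointed at the other site's DNS server shows which side is missing the delegation, the forwarder, or the SRV records themselves.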
 
NetoMeter Screencasts Commented:
Hi!
I am glad that my suggestion was helpful. I am not in a hurry about the points.

NetoMeter