lindows101

asked on

Active Directory Forest Problem & Trusts

Ok, I have an interesting issue that I hope I can get a resolution on.

Let me state the facts first:

1. About a year ago we opened a new remote location and installed a new server as a separate domain and named it remote1.mydomain.com; it was created in a new tree & new forest (I guess the thinking was that it was going to be a separate entity and that 2000 Server was nowhere else in our organization).

2. A month ago our corporate offices upgraded to 2000 & AD; the domain was named mydomain.com and was created in a new tree & new forest (still no one was thinking that the 2 domains needed to access each other).

3. Upgraded to Exchange 2000 Server and then decided that it was an urgent necessity to have these two domains trust each other.

Problem:

The issue is that I cannot for the life of me get these 2 domains to trust each other. They are in separate forests & trees but have a similar DNS name (one called remote1.mydomain.com & mydomain.com). I originally thought it was a DNS resolution issue, but now I really don't know and was hoping some of you experts might be able to assist me.

Demoting & repromoting the remote location should be considered a last resort, as well as upgrading it to 2003 Server and renaming it.

Can I create a trust between these two locations?
Thanks. Also, question points will be increased to 500 shortly (250 is all I have right now, but I am purchasing more).
ASKER CERTIFIED SOLUTION
NetoMeter Screencasts

I think that your problem is that the domains have the same name - mydomain.com.  The remote1.mydomain.com is being viewed as a subdomain of mydomain.com.  I would think that AD is having a problem with this naming since the remote1.etc is a logical subdomain of mydomain.com.

You might want to try taking a workstation or server and installing W2K Server, promoting it to another domain with a totally different name, like joe.com.  Then see if you can set the trust, using the same procedures that you are using now.  If it works, then you're pointing at a naming issue.
lindows101

ASKER

Netometer,
The remote domain is actually named remote1.mydomain.com; the server is server1.remote1.mydomain.com.

Netometer,
Now do I need to create any DNS entries on each end so the DCs can resolve each other?

I will try out your recommendation of zone delegation here in about an hour, but just wanted to see if I need to add some DNS records first so the DCs can find each other, or if that is what we are trying to accomplish by adding the zone delegation.
YEHAW!
Created the zone delegation, added the forwarder, and everything works excellent!!!

Netometer, you have no idea how much stress and frustration you just relieved from me!

I will accept the answer in a bit here (want to increase the points first, and am waiting on a refund from another question)
Actually... one more issue now... On my DC at our corporate offices (mydomain.com) I can access resources from remote1.mydomain.com directory just fine. However once I go to my exchange server and try to make a user account change it basically gives me a message that it cannot contact the domain. I am figuring that must be some sort of DNS resolution problem, but I cannot figure out why my DC running DNS can access it fine and this server cannot.... any clue?
The Specific Error I get is:

The server is not operational.
Hi!
I just finished replicating your configuration in a test lab and it worked fine.
I have also exchange 2000 in Domain1 which is running on a separate server (not a domain controller) and everything works fine.
I would suggest installing Support Tools from the Windows 2000 installation CD on your Exchange server – here is an example:
http://www.netometer.net/samples/adinitsteps/step1/step1.html
Try running this from the command prompt on the Exchange server (by the way, is Exchange running on a member server or on a DC?):
nltest /dsgetdc:yourdomain.com
nltest /dsgetdc:remote1.yourdomain.com
What is the result?

NetoMeter
Actually, I just needed to add SRV records in DNS for the remote domain and then everything functioned fine (after I used your method of course)

You saved me many headaches NetoMeter, thanks for spending the time to help me out.

Also.... I can award points now, or if you wait 3 days till my points are refunded in another question I can increase them to 500.. your call. But I would like to give you the max.
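The fix that closed this thread had two parts: a zone delegation (plus forwarder) so that the parent zone's DNS server no longer answers NXDOMAIN for everything under remote1.mydomain.com, and the DC locator SRV records for the remote domain so that a member server such as the Exchange box can find a domain controller instead of failing with "The server is not operational". The script below is an added diagnostic example, not code from the thread or from NetoMeter; it checks both parts from the viewpoint of whatever host it runs on. It assumes a Windows host with the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 and later) and nltest.exe from the Support Tools or RSAT; the domain names are the thread's placeholders.

```powershell
# Added example (not from the thread). Assumes Resolve-DnsName (DnsClient module) and
# nltest.exe are available. Domain names are the thread's placeholders; replace them.
param(
    [string]$ParentDomain = 'mydomain.com',
    [string]$ChildDomain  = 'remote1.mydomain.com'
)

function Test-Delegation {
    param([string]$Child)
    # A working delegation returns NS records for the child name from the DNS server this
    # host uses. Without it, the server authoritative for the parent zone answers NXDOMAIN
    # for the child and a forwarder is never consulted.
    try {
        $ns = Resolve-DnsName -Name $Child -Type NS -ErrorAction Stop |
              Where-Object { $_.Type -eq 'NS' }
        if (-not $ns) {
            return [pscustomobject]@{ Check = "NS $Child"; Status = 'MISSING'; Detail = 'no NS records returned' }
        }
        [pscustomobject]@{ Check = "NS $Child"; Status = 'OK'; Detail = ($ns.NameHost -join ', ') }
    } catch {
        [pscustomobject]@{ Check = "NS $Child"; Status = 'FAIL'; Detail = $_.Exception.Message }
    }
}

function Test-DcLocatorRecords {
    param([string]$Domain)
    # The DC locator (what nltest /dsgetdc exercises) resolves these SRV records. A member
    # server that cannot get them fails to bind even when a DC that hosts the zone itself
    # resolves the names fine, which matches the symptom reported above.
    foreach ($name in @("_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain")) {
        try {
            $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            if (-not $srv) {
                [pscustomobject]@{ Check = $name; Status = 'MISSING'; Detail = 'no SRV records returned' }
                continue
            }
            foreach ($r in $srv) {
                [pscustomobject]@{ Check = $name; Status = 'OK'; Detail = "$($r.NameTarget):$($r.Port)" }
            }
        } catch {
            [pscustomobject]@{ Check = $name; Status = 'FAIL'; Detail = $_.Exception.Message }
        }
    }
}

function Invoke-DcLocator {
    param([string]$Domain)
    # The same check the thread's answer asks for, captured so it reports next to the DNS results.
    $nltest = Get-Command nltest.exe -ErrorAction SilentlyContinue
    if (-not $nltest) {
        return [pscustomobject]@{ Check = "nltest /dsgetdc:$Domain"; Status = 'SKIPPED'; Detail = 'nltest.exe not found' }
    }
    $out = & $nltest.Source "/dsgetdc:$Domain" 2>&1
    $status = if ($LASTEXITCODE -eq 0) { 'OK' } else { "FAIL (exit $LASTEXITCODE)" }
    $detail = ($out | Select-Object -First 2 | ForEach-Object { "$_".Trim() }) -join ' '
    [pscustomobject]@{ Check = "nltest /dsgetdc:$Domain"; Status = $status; Detail = $detail }
}

# Run the delegation check once (parent -> child), then the locator checks for both domains.
$results = @()
$results += Test-Delegation -Child $ChildDomain
foreach ($d in @($ParentDomain, $ChildDomain)) {
    $results += Test-DcLocatorRecords -Domain $d
    $results += Invoke-DcLocator -Domain $d
}
$results | Format-Table -AutoSize
```

Run it on the host that fails (the Exchange member server in this thread), not on the DC that hosts the DNS zone; a DC that is its own resolver will report OK for records the rest of the network cannot see. Every row should come back OK from the failing host before troubleshooting the trust itself; a MISSING or FAIL on the SRV rows for the child domain is the pattern behind the "server is not operational" message.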
Hi!
I am glad that my suggestion was helpful. I am not in a hurry about the points.

NetoMeter