asked on

Setup trusts between 2003 SBS and 2000 server

I really hope you might be able to help me out with a serious problem i am about to encounter. Ok here goes.

I am installing an SBS 2003 server in tot Belfast site to replace 2000 server and exchange 2000. We also have a Dublin site which is main site and all mail comes. All mail for Belfast users gets routed to Belfast server. Dublins DC is running 2000 server with Exchange 2000

Dublin and Belfast are 2 seperate domains
Dublin internal domain= fgs.local
Belfast int domain= fgsbelfast.local
Both Dublin and Belfast email address are user@fgs.ie.

The problem i have is that i have read that it is not possible to setup trusts between 2 different domains with SBS. Unfortunately i am travelling 100 mles up to Belfast on Monday to set this up and only found out about this limitation few days ago. I have searched the web endlessly for a way around this problem but everyone says it cannot be down except for a few saying there is a backdoor or maybe some registry change on SBS to allow trusts.
I am really at my wits end and would really appreciate any help or advice you might have.
Please let me know if you need any more info that i might have left out.

Thanks in advance

Max

Fatal_Exception

I do know this, which you may already be aware of with SBS 2K3.. It MUST be installed as the first domain controller in the forest... From there, you may add DC's to the domain, but not until you have configured your SBS system for holding all the FSMO roles... Hopefully other experts will step in with suggestions before you head out of town... Good luck..!!

FE

MaxColmer

ASKER

Hi Fatal Exception,

Thanks for your feedback. I really am at my wits end. I am partly to blame for this mix up as i was the one who suggested to customer that SBS would be most suitable and cost effective solution not knowing that Trusts were not allowed. I have read in other forums that users are saying just to get full product but the sales guy had already quoted customer for server install and forgot to include pricing for extra CALs and DLT drive which did not go down too well as you can imagine. Because of this blunder i think that the customer would not take too well to asking him to fork out few extra grand for 2003 server and exchange 2003 +licensing.

The most annoying thing is that the customer site only has 10 users and the main Dublin site has 15 users so its not as if i am linking up large networks or anything its just been a hard lesson and i cannot see the point in me going all the way up there and knowing it dows not work. I have the 2003 SBS setup beside me and also have a 2000 server also setup going through hub on same subnet. What Bugs me is that in SBS\ admin tools\ users and comps domains and trusts is still in there even though you cannot use it and when you go through Trust wizard it all looks to be working fine until very end when it says "Setup cannot continue".

Anyone else with any suggestions on how i can get around this problem or if there are some registry tweaks to sort this i will reward FULL POINTS.

Thanks in advance

Fatal_Exception

Yes, I can empathize with your situation. But the problem still exists in that SBS does not support Trusts, and I see no way around this. There can only be one domain (no child domains).. In fact here is the MS brief on SBS2K3...

There are no limits on the number or type of servers that can exist in a Windows Small Business Server 2003 domain, with the following exceptions:

• Only one computer in a domain can be running Windows Small Business Server 2003.

• Windows Small Business Server 2003 must be the root of the Active Directory forest.

• Windows Small Business Server 2003 cannot trust any other domains.

• A Windows Small Business Server 2003 domain cannot have any child domains.

• Each additional computer running Windows Server 2003 must have a Windows Small Business Server 2003 client access license (CAL).

• A Windows Small Business Server 2003 domain can have no more than 75 CALs. You can use CALs for each user or for each device.

So, if you want to keep your existing domain structure, SBS will not work for you here. If you want to setup the SBS domain, and POP the email from Dublin, you could do that though... The domains would be separate though, without the ability to share resources... Again, if anyone has a workaround, I would love to hear it, but I really doubt it... :(

FE

MaxColmer

ASKER

Thanks for getting back to me. Yeah i have read all the limitations several times over hoping that the next time i read the trusts will be allowed!!

Can i ask what the main purpose of setting up trusts between 2 domains is? From what i can gather is is so each domain will allow the other domain users to access it without being prompted for domain, username and password? from what i have mentioned in this post, do i really need trust or can i work around it by not having it setup?

I am currently connected into the Belfast server and in AD users and comps it only lists the belfast users and no Dublin users. Does this mean that AD site replication is not taking place. I think that Email is their biggest concern about getting it from Dublin to Belfast. You mentioned pop the mails from Dublin to Belfast? I looked at current setup and there is i think a x400 connector which seems to be routing the mail. In my situation is the mail side of things not too much trouble?

Believe it or not, this is my first server project and i really started off with a nasty one!!!

As i might have mentioned earlier, i have a test lab setup with the 2003 SBS server for Belfast(fgsbelfast.local) and i have installed 2000 server on another server i have here. Both are on same subnet(for testing purposes) and going through hub.
When i go into network places and browse for windows networks it lists both fgs and fgsbelfast domains. If i am on Dublin 2000 server(fgs.local) and click on fgsbelfast in network places it lets me into it but then prompts me for username and password of belfast site ie username: fgsbelfast\administrator
password: ********
Once i add in it let me into belfast server. Then if i map network drive from Dublin to Belfast and browse to other server on remote site it works no prob.

The plot thickens.

Once again thank you for help. Any other takers??????

MaxColmer

ASKER

Oh yeah, i found this earlier but seems some of it is a bit over my head?

http://fac.ce.vreau.eu.org/sbs.html

and this sound like answer to my prob except the doc has been removed. Would anyone out there have this doc from Daniel Petri.

http://www.petri.co.il/creating_a_trust_relationship_between_two_sbs_2000_2003_domains.htm

Max

Fatal_Exception

Boy, if this is your first Server - Client setup, you sure did pick a mountain to climb. I am familiar with Petri's article and have read it before, but did not copy it down.... I believe he followed the example in your second link though.

You are correct in that the purpose of the trust is replication of the AD and giving the user the rights to access remote servers. If the only thing you need to do is to get mail, then like I said, you can configure your mail clients (Outlook) to pop the remote server and download the mail from there. You can also create a SMTP and POP server service using IIS on the remote location server.

If I find anything more, I will post back..

FE

MaxColmer

ASKER

Fatal exception,

I think i finally got a work around. what i shoud have done earlier. I called sales manger and told him that i have tried everything possible and it is not possible. he is going to call MD of my company and sort out problem. As a way of thanks i would like to give you the 500 points i was offering originally. Can you let me know how i award you the points and i will be more then happy to do so. Once again thanks for help

Max

ASKER CERTIFIED SOLUTION

Fatal_Exception

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Fatal_Exception

Thanks...!!

FE