Creating a Trust Relationship between two Domain Controllers.

Yes, I made a mistake...mikeleebrla is right: there is no PDC in post NT so I should have asked if fs2 would be the machine authenticating users.

FS1 is our current file server - Stores network shares.
FS2 is our new File Server - Will store all of our network shares, when FS1 is replaced.
App1 - is our application server, used for sales to access an accounting application remotely via Terminal services(we have about 14 sales people logining in at 1 time)  this has been promoted to a DC because terminal services does not run without this installed.

Also, none of the client computers are joined to App1 they are just joined to a workgroup.

All client computers have local profiles...  luv2smile thanks for your help :)

So if I understand this correctly:

You would install active directory on FS2 and so FS2 would authenticate users in the domain. You would need to only setup one domain and simply add App1 do that domain.

i think you misunderstood, but i could be wrong, b/c im confused somewhat myself..... mostym says that he promoted App1 to a DC,,, was there a domain at all before that,,, or is App1 the only DC?

Yes, I think the confusion is over if a domain is being created and on what machine is intended to be used to setup the domain.

"none of the client computers are joined to App1 they are just joined to a workgroup"

So this tells me there currently is no domain and that he will be creating a domain. I was assuming that FS2 had been designated to setup the domain on. But evaluating this more, it would make sense to setup the domain on App1 since its already a DC unless you need FS2 to be a DC for some other reason. That is considering that App1 doesn't run SQL or has some other characteristic that would make it not favorable to be the "main" DC so to speak.

If I'm going the wrong way with this, I apologize.

I appologize for the confusion.  

First let me make this very clear, app1 is a DC, however no client pcs are joined to this DC.  It is used for the sales team(remote) and accounting staff(local) to remote desktop to access an accounting software as well as a lead management tool.  The reason this is a DC is because terminal services can only be run when the server is a DC.

FS1 is NOT a DC, it is our current file server, it stores network shares, and is currently running DHCP.

When we replace FS1 with FS2 we want FS2 to be a DC so the client computers, can be joined to this DC, and so this can still be our DHCP server.

I hope this clears things up :)

Thanks

ok,, so do you want FS2 to be in its own domain,, or the same domain as app1, or in a child domain in the parent domain as app1.  each setup is different, you just have to decide what you want.

I would like to be able to have 1 login/password for each user, when they login to FS2 or app1.

thanks :)

then just have one flat domain.  you can join as many domain controllers as you would like to that domain.  just run DCpromo on a server that is a member of the domain.

Yep, one domain is all you need...no need for a trust. Follow the instructions I previously gave you for copying local profiles. The profiles will still be local, but the users will get the profile/desktop settings back. If you want to do roaming profiles then that's another topic, but I assume you want to keep the profiles local.

Are you saying since App1 is a DC, i can just join FS2 to App1 then promote FS2 to a DC?

kind of, but you are using the wrong terminology

FS2 will not be joined to App1
FS2 will be joined to whatever domain app1 is a DC of
then promote FS2 to a DC,,, then they will both be DCs in the same domain.

Ok, im a little confused.  

Under System Properties > Network Identification > Domain

It says corporate.local.  So you are saying that I should first join FS2 to corporate.local, then promote FS2 to a DC?

This is probably exactly what you said above... I just need to be sure :)

Thanks