Server 2003 & Trusts between domains

Posted on 2006-04-24
Last Modified: 2010-04-18
I have three domain controllers behind one router.  The three servers all run Server 2003 Enterprise and are on the following IP set:


I want to establish trusts between the three domains so all users can authenticate to each domain as needed.  After going thru the wizard, I receive a failuire errors telling the user already exists.

I'm looking for step-by-step instructions and help on setting up these trusts.  I am using my domain names (ie: domain1, domain2, domain3) when I try to set up these trusts, and I am attempting two-way trusts in the wizard.

Can someone walk me thru this, step-by-step, inclusing what I type in each box, so I can get it down?

Thank you

Question by:crp0499
    LVL 51

    Expert Comment

    If these domains are all in the same forest, they trust each other already.

    You should already be able to log onto the other domains using the UPN (


    Author Comment

    Well, they are all on the same IP set if that's what you mean.  When I ran dcpromo on them, I made each one a new domain controller and created a new forrest.

    Author Comment

    PS: I can log into each one, but it's becasue I created the same user names and passwords in all three domains.  In the future, I'd like the other two to be updated when I add a new user in the first domain.

    Author Comment

    I figured out that I had not raised my servers to the Server 2003 domain/forest levels.  I've done that and identified that I want to establish a forest trust.

    However, when I get to the end of the wizard, I am asked to provide a username and password who has access to domain 2.  I put it a user that exists in domain 2 and who has access to establish the trust, and I still get the error that the trust failed and the user already exists.
    LVL 51

    Accepted Solution

    First off, the users will not populate all 3 server when create in one domain.  You'll need to remove duplicate users on the other servers.  Just leave the users on the domain they belong to and use user@domain to log in when NOT in their home domain.

    When you supply credentials to the wizard for the opposite domain, use DOMAIN\Administrator in the username box.


    Author Comment

    Thank you Netman66!

    Got it working like I wanted...


    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    It is a known fact that servers reach the end of their lives. Some get there quicker than others, based on age, manufacturer, usage and several other factors. However, if your organization has spent time deploying Microsoft's Active Directory server…
    Learn about cloud computing and its benefits for small business owners.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now