Solved

Trust Relationship in Windows 2000

Posted on 2006-11-15
Last Modified: 2010-04-10
I have two domain controllers, one xxx.yyyy.com and another aaa.bbb.net. Both are running on the same subnet.
I am able to ping between both the machines by both IP address and computer name.

I am able to see both DCs in the DNS console and able to browse the DNS entries of either DC.

But in Active Directory Sites and Services of each DC I am not able to see the other DC.

Can somebody explain how I can connect and work with both DCs in the DNS console but cannot do the same in Active Directory Sites and Services?

Once I get an answer I will pose subsequent questions related to the same topic.




0
Question by:venkataramanaiahsr
13 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17946017
Dear venkataramanaiahsr,
Open the DNS console and add the server name.
You will be able to connect to it. If you don't have adminpak installed then you can install the same.
Normally it is stored under c:\windows\system32\adminpak.msi

Cheers!
0
 

Author Comment

by:venkataramanaiahsr
ID: 17946478
As I said, I am able to connect to the two DCs from either DNS console, but I cannot do the same in Active Directory Sites and Services. (Why???)
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17946552
At any point in time you will be connected to only one DC. If you want to change the DC you can change it by choosing the domain controller in Sites and Services.
0
 
LVL 5

Expert Comment

by:cjtraman
ID: 17948525
You can view both the servers in AD Sites & Services -> Default First Site Name -> Servers.
If the servers are not visible, there are two chances:
1. DC is installed in another site
2. DC is not installed at all.
0
 
LVL 7

Expert Comment

by:Kumar_Jayant123
ID: 17949275
I don't think you will ever see them in AD Sites and Services.

Pinging the server or browsing the server is name resolution (NetBIOS or FQDN), but they will never appear in AD Sites and Services.

AD Sites and Services is the place where you see the computers in the same domain and which replicate with each other. Two different domains will never replicate with each other.

If you have a trust relation between two domains, that means both domains have the partial information of each other and they can authenticate the users, and that's the reason you can add any service in the snap-in of each other's domain. But again, since they are in different domains they will not replicate and thus you won't see them in AD Sites and Services.

Hope that answers your question.
Kumar

0
 

Author Comment

by:venkataramanaiahsr
ID: 17953494
Basically I want to know whether these two DCs (on the same subnet) are in the same forest or not. Somebody in this forum suggested that I can find it in AD Sites and Services.

My main question is:

Exchange Server (2000) is installed on DC (Windows 2000) aaa.bbb.net computer.

All my users authenticate with DC xxx.yyyy.com (Windows 2000).

(Both DCs are on the same subnet xx.xx.xx.xx)

I want my users in DC xxx.yyy.com to use the Exchange server installed in aaa.bbb.net.

I have a workaround: I create a hosts file with the aaa.bbb.net IP address and push it to all the systems in the network.

Then I can use the Exchange server from the systems logged on to the xxx.yyy.com domain controller.

I cannot establish the trust relationship with both the domains.

Is there any other easier solution to this?

Any early help in this regard is highly appreciated.

regards
Venkat

0
 

Author Comment

by:venkataramanaiahsr
ID: 18025230
can anybody help ..............it is urgent
0
 
LVL 5

Expert Comment

by:cjtraman
ID: 18029284
From your briefing,
1) You have 2 domains (aaa.bbb.net) & (xxx.yyyy.com) in your same IP subnet.
Your case is a discontiguous namespace in a forest. You have two separate domain trees. When you have 2 domain trees in a forest, they have a transitive trust relationship by default.
You can use AD Domains & Trusts to figure out the domain trees & forests.

2) You need to manually add the .com domain login ID in the respective user mailbox security (by opening AD Users & Computers in the .net domain) for every user. Cumbersome indeed.

I suggest you make everybody log in to the .net domain and remove the .com domain.

Experts, correct me if I am wrong.

0
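A scripted way to answer the same-forest question raised above, as an added example that is not part of any post in this thread: each DC's RootDSE names its forest root and configuration partitions, so comparing them across two DCs shows whether they belong to one forest. It assumes a workstation with Windows PowerShell 3.0 or later that can reach both DCs over LDAP; the host names are the thread's placeholders and the function names are hypothetical.

```powershell
# Added example, not from the thread. Function names are hypothetical.
function Get-ForestInfo {
    param([Parameter(Mandatory = $true)][string]$Server)
    # Every DC publishes RootDSE; these attributes name the partitions it hosts.
    $rootDse = [ADSI]"LDAP://$Server/RootDSE"
    $forestRoot = [string]$rootDse.Properties['rootDomainNamingContext'].Value
    if (-not $forestRoot) {
        throw "Could not read RootDSE from $Server (check LDAP reachability on TCP 389)."
    }
    [pscustomobject]@{
        Server       = $Server
        DomainNC     = [string]$rootDse.Properties['defaultNamingContext'].Value
        ForestRootNC = $forestRoot
        # AD Sites and Services displays the Sites container of this partition.
        ConfigNC     = [string]$rootDse.Properties['configurationNamingContext'].Value
    }
}

function Test-SameForest {
    param(
        [Parameter(Mandatory = $true)][string]$ServerA,
        [Parameter(Mandatory = $true)][string]$ServerB
    )
    $a = Get-ForestInfo -Server $ServerA
    $b = Get-ForestInfo -Server $ServerB
    [pscustomobject]@{
        ServerA        = $a.Server
        ForestRootA    = $a.ForestRootNC
        ServerB        = $b.Server
        ForestRootB    = $b.ForestRootNC
        # Distinguished names are case-insensitive, so compare with -ieq.
        SameForest     = ($a.ForestRootNC -ieq $b.ForestRootNC)
        # Both DCs can be listed in one Sites and Services view only when
        # they share a single configuration partition.
        SharedConfigNC = ($a.ConfigNC -ieq $b.ConfigNC)
    }
}

# Placeholder host names from the thread; replace with the real DC names.
Test-SameForest -ServerA 'xxx.yyyy.com' -ServerB 'aaa.bbb.net' | Format-List
```

Two DCs promoted with the "create a new forest" option report different `ForestRootNC` values, which is the case the asker describes in the follow-up comments.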
 

Author Comment

by:venkataramanaiahsr
ID: 18034251
The problem is aaa.bbb.net and xxx.yyyy.com domains are built independently and built as domain controller for new domain option in dcpromo. This means that they are two independent forests ............ Correct me if I am wrong.


In this scenario pls answer the above question...

it is very urgent as we have to finish the implementation in next two or three days.


Regards
Venkat
0
 

Author Comment

by:venkataramanaiahsr
ID: 18034299
The problem is aaa.bbb.net and xxx.yyyy.com domains are built independently and built as domain controller for new domain option in dcpromo >> create a new domain tree >> Create a new forest of domain trees. This means that they are two independent forests .... correct??


In this scenario pls answer the above question...

Or tell me how to make the aaa.bbb.net domain tree part of the xxx.yyyy.com forest. Do I have to demote aaa.bbb.net and once again build it as a domain tree to be part of the xxx.yyyy.com forest?

Also tell me if demoting and rebuilding the same will solve the problem and, if so, do I have to reinstall Exchange 2000 and other applications once again?

Regards
Venkat



0
 
LVL 5

Expert Comment

by:cjtraman
ID: 18034661
Then you have different forest level.
>> tell me how to make aaa.bbb.net  domain tree part of xxx.yyyy.com  forest.
 No you cannot make .net domain tree part of .com domain tree.

>>do i have to demote aaa.bbb.net and once again build it as domain tree to be part of xxx.yyyy.com  forest
 I am afraid no other option is available. However, you can consider the acquisition/merger scenario and create an external forest level trust relationship and have MIIS installed to list the GAL in the .com domain. But I suggest you not make complications and go for having Exchange in the same domain (.com domain).
I suggest you use exmerge as the migration option. Maybe export the contents to the PST file and add them to the respective user Outlook profile.
You can install Exchange server as a member of the .com domain and make life simpler. For SMTP options, ensure you change the IP address to point to your new server and that you have reverse DNS configured for your new server. Use recipient policy in Exchange System Manager to have the existing SMTP domain name applied in all user properties.
0
 

Author Comment

by:venkataramanaiahsr
ID: 18035068
To make Exchange a member server of the .com domain, I have to demote the .net domain and then make it a member of the .com domain. In this scenario, do I have to reinstall Exchange 2000?

Another question -

Presently all my users have email accounts as username.bbb.net and they will be communicating internally as well as externally using these accounts.


If I make Exchange a member server of the .com domain, by default the user mailbox is created as username.yyy.com.

Is there any method to have Exchange as a member server of the .com domain and have user emails configured as username.bbb.net so that both problems are solved?

If I do so, will there be any performance hit? Because the users will be logging on to the system as .com users and only for email through Outlook will they be using the .net account.

Regards
Venkat
0
 
LVL 5

Accepted Solution

by:
cjtraman earned 500 total points
ID: 18035177
>> to  make exchange as member server to .com domain , i have to demote  .net domain and then make it a member
to .com domain. in this scenario, do i have to reinstall exchange 2000.
Yes, you need to reinstall Exchange server in the .com domain tree. I suggest you the following way.
Instead of removing the .net domain, you install Exchange server on a spare machine as a member of the .com domain. Using recipient policy in ESM, add the existing SMTP domain (in .net domain) to the users.
Using the exmerge option, export the mailbox contents to a .pst file and import to the new server or add to the Outlook profile of each server.
Once you configure the smtp to point to your new domain and test the mail flow. If successful, you can proceed with demotion of the .net domain and configure the server to the .com domain. Using the move mailbox option, move the user mailbox home to the stable server.
0
