venkataramanaiahsr
asked on
Trust Relation ship in windows 2000
I have two domain controllers one xxx.yyyy.com and another aaa.bbb.net . both are running on the same subnet.
i am able to ping between both the machines by both ip address and computer name.
I am able to see both DC in dns console and able to browse the dns entries of either of DC
But in active directory sites and services of each dc i am not able to see the other dc.
Can somebody explain how i can connect and work with both dcs in dns console but cannot do the same in active
directory sites and services.
Once i get an answer i will pose subsequent questions related to the same topic
i am able to ping between both the machines by both ip address and computer name.
I am able to see both DC in dns console and able to browse the dns entries of either of DC
But in active directory sites and services of each dc i am not able to see the other dc.
Can somebody explain how i can connect and work with both dcs in dns console but cannot do the same in active
directory sites and services.
Once i get an answer i will pose subsequent questions related to the same topic
ASKER
As i said, I am able to connect to the two dcs from either of the dns console. but i cannot do the same from
in active directory sites and services. (Why???)
in active directory sites and services. (Why???)
at any point in time you will be conneted to only one DC. If you want to change the DC you can change by choosing the Domain controller in Sites and services
You can view both the servers in AD Sites & Services -? Default First Site Name -> Servers.
If the servers are not visible, there are two chances
1. DC is installed in another site
2. DC is not nstalled at all.
If the servers are not visible, there are two chances
1. DC is installed in another site
2. DC is not nstalled at all.
I dont think you will ever see them in the AD sites and services.
Pinging the server or browsing the server is Name resolution NetBIOS or FQDN but they will never appear in ad sites and services.
AD sites and services is the place where you see the computers in the same domain and which replicate with each other. Two different domain will never replicate with each other.
If you have a trust relation between two domains that means both domains have the partial information of each other and they can authenticate the Users and that's the reason you can add any service in the snapin of each other domain. But again since they are in different domain they will not replicate and thus you wont see them in AD sites and services.
Hope that answers your question.
Kumar
Pinging the server or browsing the server is Name resolution NetBIOS or FQDN but they will never appear in ad sites and services.
AD sites and services is the place where you see the computers in the same domain and which replicate with each other. Two different domain will never replicate with each other.
If you have a trust relation between two domains that means both domains have the partial information of each other and they can authenticate the Users and that's the reason you can add any service in the snapin of each other domain. But again since they are in different domain they will not replicate and thus you wont see them in AD sites and services.
Hope that answers your question.
Kumar
ASKER
Basically i want to know whether these two dcs (on the same subnet) are in same forest or not . sombody in this forum suggested that i can find it in AD sites and services .
My main question is
Exchange server(2000) is installed in DC (windows 2000) aaa.bbb.net computer .
All my users authenticate with DC xxx.yyyy.com (windows 2000)
(Both DC are on the same subnet xx.xx.xx.xx)
I want my users in DC xxx.yyy.com to use exchage server installed in aaa.bbb.net
I have a workaround that i create hosts file with aaa.bbb.net ipaddress and push it all the systems in the network.
then i can use exchange server from the systems logged on on xxx.yyy.com domain controller.
i cannot establish the trust relation ship with both the domains.
Is there any other easier soluton to this.
Any Early help in this regard is higly appreicated
regards
Venkat
My main question is
Exchange server(2000) is installed in DC (windows 2000) aaa.bbb.net computer .
All my users authenticate with DC xxx.yyyy.com (windows 2000)
(Both DC are on the same subnet xx.xx.xx.xx)
I want my users in DC xxx.yyy.com to use exchage server installed in aaa.bbb.net
I have a workaround that i create hosts file with aaa.bbb.net ipaddress and push it all the systems in the network.
then i can use exchange server from the systems logged on on xxx.yyy.com domain controller.
i cannot establish the trust relation ship with both the domains.
Is there any other easier soluton to this.
Any Early help in this regard is higly appreicated
regards
Venkat
ASKER
can anybody help ..............it is urgent
From your briefing,
1) you have 2 domains (aaa.bbb.net) & (xxx.yyyy.com) in your same IP subnet.
Your case is discontigous namespace in a forest. You have two separate domain trees. when you have 2 domain trees in a forest, they have transitive trust relationship by default.
you can use AD Domain & Trusts to figure out the domain trees & forests
2) you need to manually add the .com domain login id in respective user mailbox security (by opening AD users & computers in .net domain) for every user. Cumbersome indeed.
I suggest you make everybody to login to .net domain and remove the .com domain
Experts correct me, if i am wrong.
1) you have 2 domains (aaa.bbb.net) & (xxx.yyyy.com) in your same IP subnet.
Your case is discontigous namespace in a forest. You have two separate domain trees. when you have 2 domain trees in a forest, they have transitive trust relationship by default.
you can use AD Domain & Trusts to figure out the domain trees & forests
2) you need to manually add the .com domain login id in respective user mailbox security (by opening AD users & computers in .net domain) for every user. Cumbersome indeed.
I suggest you make everybody to login to .net domain and remove the .com domain
Experts correct me, if i am wrong.
ASKER
The problem is aaa.bbb.net and xxx.yyyy.com domains are built independently and built as domain controller for new domain option in dcpromo. This means that they are two independent forest ............ Correct me if am wrong
In this scenario pls answer the above question...
it is very urgent as we have to finish the implementation in next two or three days.
Regards
Venkat
In this scenario pls answer the above question...
it is very urgent as we have to finish the implementation in next two or three days.
Regards
Venkat
ASKER
The problem is aaa.bbb.net and xxx.yyyy.com domains are built independently and built as domain controller for new domain option in dcpromo >> create a new domain tree >> Create a new forest of domain trees This means that they are two independent forest .... correct??
In this scenario pls answer the above question...
or tell me how to make aaa.bbb.net domain tree part of xxx.yyyy.com forest. do i have to demote aaa.bbb.net
and once again build it as domain tree to be part of xxx.yyyy.com forest .
Also tell me if by demoting and rebuilding the same will solve the problem and if so, do i have to reinstall exchange 2000, and other applications once again
Regards
Venkat
In this scenario pls answer the above question...
or tell me how to make aaa.bbb.net domain tree part of xxx.yyyy.com forest. do i have to demote aaa.bbb.net
and once again build it as domain tree to be part of xxx.yyyy.com forest .
Also tell me if by demoting and rebuilding the same will solve the problem and if so, do i have to reinstall exchange 2000, and other applications once again
Regards
Venkat
Then you have different forest level.
>> tell me how to make aaa.bbb.net domain tree part of xxx.yyyy.com forest.
No you cannot make .net domain tree part of .com domain tree.
>>do i have to demote aaa.bbb.net and once again build it as domain tree to be part of xxx.yyyy.com forest
I am afraid no other option available. However, you can consider the acquisitation/merger scenario and create external forest level trust relationship and have MIIS installed to list the GAL in .com domain. But I suggest you not to make complications and go for having exchange in same domain (.com domain)
I suggest you to use exmerge as migration option. maybe export the contents to the PST file and add them to the respective user outlook profile.
You can install exchange server as member of .com domain and make life simpler. For smtp options, you ensure you change the ip address to point to your new server. You have reverse dns configured for your new server. use recepient policy in exchange system manager to have existing smtp domain name applied in all user property.
>> tell me how to make aaa.bbb.net domain tree part of xxx.yyyy.com forest.
No you cannot make .net domain tree part of .com domain tree.
>>do i have to demote aaa.bbb.net and once again build it as domain tree to be part of xxx.yyyy.com forest
I am afraid no other option available. However, you can consider the acquisitation/merger scenario and create external forest level trust relationship and have MIIS installed to list the GAL in .com domain. But I suggest you not to make complications and go for having exchange in same domain (.com domain)
I suggest you to use exmerge as migration option. maybe export the contents to the PST file and add them to the respective user outlook profile.
You can install exchange server as member of .com domain and make life simpler. For smtp options, you ensure you change the ip address to point to your new server. You have reverse dns configured for your new server. use recepient policy in exchange system manager to have existing smtp domain name applied in all user property.
ASKER
to make exchange as member server to .com domain , i have to demote .net domain and then make it a member
to .com domain. in this scenario, do i have to reinstall exchange 2000.
another question -
Presently all my users have email accounts as username.bbb.net and they will communicating internally as well
as externally using this accounts.
if i make exchange as member server to .com domain, by default the user mailbox is created as username.yyy.com
is there any method to have exchange as member server to .com domain and have user emails configured as
username.bbb.net so that both problems are solved.
if i do so will there be any performace hit. because the users will be logging on the system as .com users and
only for email thro outlook they will be using .net accout
regards
venkat
Regards
Venkat
to .com domain. in this scenario, do i have to reinstall exchange 2000.
another question -
Presently all my users have email accounts as username.bbb.net and they will communicating internally as well
as externally using this accounts.
if i make exchange as member server to .com domain, by default the user mailbox is created as username.yyy.com
is there any method to have exchange as member server to .com domain and have user emails configured as
username.bbb.net so that both problems are solved.
if i do so will there be any performace hit. because the users will be logging on the system as .com users and
only for email thro outlook they will be using .net accout
regards
venkat
Regards
Venkat
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
OPen the DNS console and add the server name
You will be able to connect to it. If you don't have adminpak install then you can install the same
Normally it is stored under c:\windows\system32\adminp
Cheers!