Ciderspine
asked on
Active Directory Trusts
Hello,
Until today, all our Windows trusts were working fine. We're running in mixed mode with Tree Root and Child trusts. Now, for some unknown reason, users can only login to the domain the computer is a member of whereas before a user could select the domain from the dropdown menu, select the domain in which their account exists and they were able to login. Anyone experienced this? I've validated the trusts and not received any errors.
Until today, all our Windows trusts were working fine. We're running in mixed mode with Tree Root and Child trusts. Now, for some unknown reason, users can only login to the domain the computer is a member of whereas before a user could select the domain from the dropdown menu, select the domain in which their account exists and they were able to login. Anyone experienced this? I've validated the trusts and not received any errors.
Last Comment
scuthber
I'd use DCDIAG on DC(s) in your domains & make sure the KnowsOfRoleHolders section passes.
ASKER
In the trusting or trusted domains?
Thanks.
Thanks.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks,
I've got one of the trusts to work. The remove button was greyed out so I removed it with adsiedit and recreated it. But when I try to create the trust the other way I get messages about secure channel error and domain cannot be found.
It's mixed-mode domain - W2k and NT. Does that mean that I only have to manage the trusts from the windows 2000 servers or do I still need to manage the NT trusts?
I've got one of the trusts to work. The remove button was greyed out so I removed it with adsiedit and recreated it. But when I try to create the trust the other way I get messages about secure channel error and domain cannot be found.
It's mixed-mode domain - W2k and NT. Does that mean that I only have to manage the trusts from the windows 2000 servers or do I still need to manage the NT trusts?
ASKER
Tried nslookup (top tip - never thought of using it to lookup service records) and the workstations/server resolved every domain.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
BTW, have you got a GC in each of your domains?
ASKER
I'm not sure. I inherited this network a few weeks ago - it's a large college network. My predecessor left no documentation and kept everyone in the dark. I would hazard a guess and say that there isn't a GC in every domain. I'll have a look. BRB
ASKER
There isn't a GC in each domain.
ASKER
I seem to have cracked it - not sure how.
I'm glad to hear that. Thanks for the points anyway!
ASKER
You're welcome. You cleared up a lot of thing I wasn't sure about.
Thanks,
Ben
Thanks,
Ben
Windows 2000
Windows 2000 is an operating system for use on both client and server computers. It is the successor to Windows NT 4.0, and is the last version of Microsoft Windows to display the "Windows NT" designation. Four editions of Windows 2000 were released (Professional, Server, Advanced Server, and Datacenter Server) that shared a core set of features, including many system utilities such as the Microsoft Management Console. All versions of the operating system support NTFS 3.0, Encrypting File System, as well as basic and dynamic disk storage. The Windows 2000 Server family includes support for Active Directory services, Distributed File System and fault-redundant storage volumes.
37K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
