Solved

Setting up a Forest Trust

Posted on 2008-10-02
2
1,487 Views
Last Modified: 2012-06-27
I am currently trying to set up a one-way transitive trust between two forests.  I have set up forwarders so the two DCs can talk to each other, but I need to raise my domain and forest functional levels to 2003 (they are currently set to 2000).  One DC runs Windows Server 2003, the other is running Windows Server 2008, so there is no problem there.

My only concern is that we have some member servers that are still running Windows Server 2000, and I want to set this trust up before upgrading those servers.  I read someplace that Windows Server 2000 will have problems in reading Active Directory Objects if the functional level is raised to 2003.  I wasn't 100% clear if that meant any member servers, or just domain controllers.  I need to know I can authenticate and have those 2000 machines contact the other hosts they deal with before I make the irreversible move of upping the functional levels of both the domains and the forests.  If anyone has any experience or can point me in the right direction, it would be much appreciated!
0
Comment
Question by:belly-buster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
ThorSG1 earned 500 total points
ID: 22630747
As long as the Domain Controllers are all 2003 then there is no problem.  We have 2 2000 servers in our domain and we upgraded our functional level without any problems.  Our Parent domain is has serveral 2000 servers as well and did not have an issue either when we changed the forest functional level to 2003.
0
 
LVL 1

Author Closing Comment

by:belly-buster
ID: 31502475
Excellent, that's what I was looking for!  I raised ours as well, and all seems to be working nice.  Thanks.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question