Solved

Trust 2008/2003 Domain

Posted on 2009-04-09
8
328 Views
Last Modified: 2012-05-06
I have a 2008 domain and a sep. domain that is running 2003. the two sites are connected by a tunnel.  I want to create a 2 way trust between the domains.  Any  issues to look for?  Schema issues on the 2003?

thanks
0
Comment
Question by:jasonmichel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 19

Expert Comment

by:jss1199
ID: 24110337
No issues encountered here and we have several 2008 <> 2003 trusts.  See the EE post below for a good walkthrough on creating the trust.

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_23805633.html
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24110379
Do you have name resolution working between the domains?  That will be important.
You can use conditional forwarders or use secondary zones (not one way to do it), but they do need to be able to resolve.
Thanks
Mike
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 24110398
yeah i was just thinking about DNS...so i can just create a conditional forwarded just for the other domain..i currently have them pointed to opendns
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 24110425
Do you have DNS running in the domains?
 
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 24110440
yes..both sides
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24110511
ok then what you can do is
DomainA
Set conditional forwarding for domainb.com and point to those domain B DNS servers
and vice versa
Then you can test name resolution and an nltest
  • Nslookup targetDomainFQDN

  • nslookup
            set type=ns
             targetDomainFQDN
 
  • Nltest /dsgetdc: targetforestrootdomain.local
Any firewalls in the way?
Thanks
Mike
0
 
LVL 1

Author Comment

by:jasonmichel
ID: 24110546
well we have cisco routers on each end with an ipsec tunnel established
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24110728
ok then hopefully no port blocks there,  these are the ports that need to talk if there was a firewall
http://support.microsoft.com/kb/179442
 
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question