
trusts between 2 active directory sites problem

jamesmetcalf74
We have had this trust working before, but it went down and will not re-establish.
I am looking in my DNS and one thing is weird to me.
Under my DNS tabs there is a folder called Sites under my domain. I have two folders listed under Sites:
Default-First-Site-Name
and then another folder listed as
"the name of my organization"
They have identical entries.
What is bothersome is that the other Active Directory domain I am trying to establish a trust with only has one site listed.
Why do I have two sites?
Could this be a problem?

Author commented:
In my Active Directory Sites and Services MMC I also noticed another peculiar thing.
There is no Servers folder listed under Default-First-Site-Name,
but there is a Servers folder listed under the second site, which is named after my organization, and it does have the correctly listed servers.
I was not around when this site was created or renamed or whatever, so I'm a little lost.
Commented:
Hi,

You have two sites appearing in your DNS zone because you probably have declared two AD sites in the "Active Directory Sites and Services" console in your first AD forest...
If you think this AD site is not useful, and as there is no server under it, you may remove it in the "AD Sites and Services" console.

Anyway, this site stuff has nothing to do with your trust trouble...


To establish a trust between two AD forests you must ensure that DNS resolution is working between the two forests. That means that the DNS servers of the first AD forest must be able to resolve DNS names in the second forest, and the opposite must also be true (the second forest's DNS servers must resolve names in the first forest).
To do that, in my opinion, the best way is to add conditional DNS forwarders on each DNS server so that DNS requests for the remote forest's DNS suffix are transmitted to the remote forest's DNS servers.

As an example, let's suppose your first forest is named "myfirstforest.local" and your second forest is named "mysecondforest.local". On each DNS server in the first AD forest you should add a conditional forwarder for the suffix "mysecondforest.local" and configure this forwarder to use the IP addresses of DNS servers in the second forest that host the DNS zone "mysecondforest.local".
In the same way, on each DNS server in the second forest you should add a conditional forwarder for the suffix "myfirstforest.local" that points to the IP addresses of DNS servers in the "myfirstforest.local" AD domain where the "myfirstforest.local" DNS zone is hosted.

When you have verified that every DNS server is able to resolve DNS names in both forests (you can test it by using the PING command), you must also ensure that the DNS records in your DNS zones are all OK. To do that, on each AD controller you'll use the commands DCDIAG and NETDIAG /FIX.

These commands should not report errors if your AD forests are well configured.


Finally, you establish the trust relationship between both domains by always giving the FQDN of the domains (not the NetBIOS name).

Hope this helps.

Have a good day.
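The procedure in the answer above (conditional forwarders in each direction, a resolution check, DC health checks, then the trust by FQDN) scripted for one side, as an added example that is not part of the original thread. It assumes the forest names from the answer, myfirstforest.local and mysecondforest.local, and made-up DNS server addresses 10.2.0.10 and 10.2.0.11 for the remote forest; run it on a DC of the first forest with the DnsServer and ActiveDirectory modules installed, then mirror the names and addresses on a DC of the second forest. Instead of PING it resolves the SRV records the trust actually depends on, since a successful ping only proves the A record and ICMP, not DC locator lookups.

```powershell
# Added example, not from the original thread. Assumed values (not from the page):
# the remote DNS server addresses below. Run on a DC/DNS server of the FIRST forest;
# swap $localForest/$remoteForest and the addresses when repeating on the second forest.
$localForest  = 'myfirstforest.local'
$remoteForest = 'mysecondforest.local'
$remoteDnsIPs = @('10.2.0.10', '10.2.0.11')   # assumed: DNS servers hosting the remote zone

# 1. Conditional forwarder for the remote suffix. ReplicationScope 'Forest' stores it in AD
#    so every DNS server in this forest receives it, which is what the answer asks for.
if (-not (Get-DnsServerZone -Name $remoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $remoteForest `
        -MasterServers $remoteDnsIPs -ReplicationScope 'Forest'
}

# 2. Verify resolution of what a trust needs: the remote domain's A record and the SRV
#    records the DC locator uses to find LDAP/Kerberos on the remote DCs.
$checks = @(
    @{ Name = $remoteForest;                          Type = 'A'   },
    @{ Name = "_ldap._tcp.dc._msdcs.$remoteForest";   Type = 'SRV' },
    @{ Name = "_kerberos._tcp.dc._msdcs.$remoteForest"; Type = 'SRV' }
)
$allOk = $true
foreach ($c in $checks) {
    try {
        $r = Resolve-DnsName -Name $c.Name -Type $c.Type -DnsOnly -ErrorAction Stop
        $targets = if ($c.Type -eq 'SRV') { $r.NameTarget } else { $r.IPAddress }
        Write-Host ("OK   {0} ({1}) -> {2}" -f $c.Name, $c.Type, ($targets -join ', '))
    } catch {
        $allOk = $false
        Write-Warning ("FAIL {0} ({1}): {2}" -f $c.Name, $c.Type, $_.Exception.Message)
    }
}
if (-not $allOk) { throw 'Fix DNS resolution of the remote forest before creating the trust.' }

# DC locator check from this machine's point of view (uses the SRV records above).
nltest /dsgetdc:$remoteForest

# 3. Health of this DC's own DNS registrations. NETDIAG (from the Windows 2000/2003
#    Support Tools) is the answer's other tool; it no longer ships on current Windows.
dcdiag /test:dns /v
if (Get-Command netdiag.exe -ErrorAction SilentlyContinue) { netdiag /fix }

# 4. Create the trust, two-way, giving both domains by FQDN (not NetBIOS name).
#    netdom prompts for the remote (trusted) domain's credentials because of /PasswordD:*.
netdom trust $localForest /Domain:$remoteForest /Add /TwoWay `
    /UserD:"$remoteForest\Administrator" /PasswordD:*

# 5. Confirm the trust exists and the secure channel to the remote domain works.
Get-ADTrust -Filter "Name -eq '$remoteForest'" | Format-List Name, Direction, ForestTransitive
netdom trust $localForest /Domain:$remoteForest /Verify
```

If both sides are forest roots and you want a forest (transitive) trust rather than an external trust, create it from the Active Directory Domains and Trusts console instead of netdom, or toggle the existing trust with netdom trust's /ForestTransitive switch; the script above produces the plain domain trust the answer describes.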