tdnooij
asked on
How to create a trust between two seperate domains
Hi,
I've created a new domain/DC inside our netwerk and I want to create a mutual trust between the two. The first step is to make them see each other using NSLookup, but this does not work. The main DC is a W2003 server with DNS server. The second DC is a W2008 server, also with a DNS server. When I ping DOMAIN1 from the second server it works. However, when I ping DOMAIN2 from the first it fails. What should I do to make this work?
Thanks,
Thomas
I've created a new domain/DC inside our netwerk and I want to create a mutual trust between the two. The first step is to make them see each other using NSLookup, but this does not work. The main DC is a W2003 server with DNS server. The second DC is a W2008 server, also with a DNS server. When I ping DOMAIN1 from the second server it works. However, when I ping DOMAIN2 from the first it fails. What should I do to make this work?
Thanks,
Thomas
also if you can't ping the 2008 server checkk your firewall settings. i think the server drops ICMP packets as standard. Have a look at the rules and make sure the 'File and Printer Sharing (Echo Request - ICMP4) Domain' is enabled in the inbound and outbound rules. That should let you ping the server, then follow Isek's advice.
ASKER
OK, I'm a step further: First I need to raise the functional level of the W2003 machine. However, I get the : the directory service is busy error. This is probably caused by the replication not being done. I investigated this and I found out that we had another DC in our domain which died. I've deleted it from the Domain Controllers in AD, but when I try to delete the Site in AD SItes and Services it gives me the error that the DC (that I deleted) still has objects and has to be demoted first. Any clues?
ASKER
Ok, I found this article to delete my old DC: http://support.microsoft.com/kb/216498
This works.
This works.
I assume that link refers to performing a metadata cleanup of the failed DC, as also described here: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
One you have the forwarders in place in each domain (to forward DNS requests for the other domain to it's DNS servers) and if any firewalls between the 2 domains are configured correctly, you should be able to create your trust...
I assume you already know which type of trust you want to create? Is your intent to migrate from one to the other, or to have both coexisting?
Pete
One you have the forwarders in place in each domain (to forward DNS requests for the other domain to it's DNS servers) and if any firewalls between the 2 domains are configured correctly, you should be able to create your trust...
I assume you already know which type of trust you want to create? Is your intent to migrate from one to the other, or to have both coexisting?
Pete
ASKER
I want to migrate from 2003SBS to a new W2008 Standard server. But I want a selective migration, so only some users. Now I cannot create the trust between W2003SBS and W2008 because of the SBS. What type of trust do I need?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://technet.microsoft.com/en-us/library/cc776940%28WS.10%29.aspx
Regards,
Krzysztof