Solved

Can't establish trust between Windows 2003 and Windows 2008 domains

Posted on 2011-03-09
Last Modified: 2012-09-05
I am trying to migrate users from a Windows 2003 domain to a brand new Windows 2008 domain.  As I understand it, to get the ADMT to work I need a trust relationship between the 2 domains.  I have not been able to establish a trust relationship between the 2 domains.  The 2008 Domain is at 2008 functional level and the 2003 Domain is at the 2003 functional level.  I'm guessing this is where my problem resides, but before I go through the trouble of rebuilding my 2008 Domain and setting it to the 2003 functional level, is there anything else I can do to either lower the level to 2003, establish a trust between the 2 domains or just get the ADMT tool to work without a trust relationship?
Question by:a245439
11 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 35084605
I think your best bet would be to lower functional level to 2003.
0
 
LVL 3

Expert Comment

by:DavidLeal
ID: 35084980
What error message appears?

I have a 2008 domain (2008 functional level) with trusts with 2 other domains, one 2000 (functional level 2000) and the other 2003 (functional level 2003),

and don't have any problem with trusts.
0
 

Author Comment

by:a245439
ID: 35085105
Error message received - Cannot create a forest trust to the specified forest.  The specified forest is not at the necessary forest functional level.
0
LVL 3

Expert Comment

by:DavidLeal
ID: 35085161
Is the Windows 2003 forest native or mixed?
0
 

Author Comment

by:a245439
ID: 35085200
2003 forest is native.  There is only one DC in the forest.
0
 
LVL 3

Expert Comment

by:DavidLeal
ID: 35085252
0
 

Accepted Solution

by:
a245439 earned 0 total points
ID: 35094736
Thanks for the link but it wasn't quite what I needed.  My situation may be a bit different.  I'm going from 2 completely different subnets through a firewall.  I was able to get this to work using the following steps.  Hopefully they will help someone else.

Make sure the source domain has been configured as a ‘Conditional Forwarder’ in the DNS settings on the target domain.

1. Open Active Directory and Trusts for the source domain
2. Right click the source domain name and choose 'Properties'
3. Click the Trust tab
4. Click the 'New Trust' button
5. Click 'Next'
6. Enter Target Domain Name
7. Choose ‘Realm Trust’
8. Choose ‘Non Transitive Trust’
9. Choose Two-Way direction
10. Create a Trust password
11. Click on Finish
12. Log on to Target Domain
13. Open Active Directory and Trusts on the target domain
14. Right click the target domain name and choose 'Properties'
15. Click the Trust tab
16. Click the 'New Trust' button
17. Enter source domain name
18. Select ‘External Trust’
19. Select Two Way
20. Select This Domain Only
21. Domain Wide Authentication
22. Enter password created in step 10
23. Click Next, don’t bother verifying the relationship as it will probably tell you it failed.  Just keep clicking Next until the wizard is finished.
24. Run ADMT and verify you can migrate a user.
0
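The accepted answer depends on the conditional forwarder resolving the source domain and on the firewall passing domain-controller traffic. The PowerShell pre-check below is an added example, not part of the original post; `source.example` and `192.0.2.10` are placeholders, and the port list is an assumption (the usual DNS, Kerberos, RPC, LDAP and SMB ports), since the post does not name any ports.

```powershell
# Added example: run on a target-domain DC before and after creating the trust.
# Placeholders, not values from the post:
$SourceDomain = 'source.example'   # DNS name of the source (2003) domain
$SourceDC     = '192.0.2.10'       # IP of the source domain controller

# 1. Conditional forwarder check: the DC locator SRV record must resolve.
$srvName = "_ldap._tcp.dc._msdcs.$SourceDomain"
$dnsOut  = nslookup -type=SRV $srvName 2>&1 | Out-String
$dnsOk   = $dnsOut -match 'svr hostname'
"DNS SRV lookup for {0}: {1}" -f $srvName, $(if ($dnsOk) { 'OK' } else { 'FAILED' })

# 2. Firewall check: TCP ports assumed necessary for trust traffic.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper';
            389 = 'LDAP'; 445 = 'SMB' }
$results = foreach ($p in ($ports.Keys | Sort-Object)) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect with a 3 second timeout so that packets
        # silently dropped by the firewall do not stall the script.
        $async = $client.BeginConnect($SourceDC, $p, $null, $null)
        $open  = $async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } catch {
        $open = $false
    } finally {
        $client.Close()
    }
    New-Object PSObject -Property @{ Port = $p; Service = $ports[$p]; Open = $open }
}
$results | Sort-Object Port | Format-Table Port, Service, Open -AutoSize

# 3. Once both sides of the trust exist: list the trusts this DC knows
#    about and test the secure channel to the source domain.
if ($dnsOk -and -not ($results | Where-Object { -not $_.Open })) {
    nltest /domain_trusts
    nltest "/sc_verify:$SourceDomain"
} else {
    'Fix DNS forwarding or firewall rules before testing the trust.'
}
```

RPC also uses dynamic high ports after the endpoint mapper on 135, so an open port 135 does not prove the firewall passes all trust traffic.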
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37399750
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:a245439
ID: 37399751
A solution to this problem has been detailed in the responses.  It should be classified as an accepted solution.
0
 

Author Closing Comment

by:a245439
ID: 37433088
Found the solution on my own and have listed in detail the steps I took to resolve the problem.
0
