Solved

can't establish trust between windows 2003 and windows 2008 domains

Posted on 2011-03-09
11
1,782 Views
Last Modified: 2012-09-05
I am trying to migrate users from a windows 2003 domain to a brand new windows 2008 domain.  As I understand it, to get the ADMT to work I need a trust relationship between the 2 domains.  I have not been able to establish a trust relationship between the 2 domains The 2008 Domain is at 2008 functional level and the 2003 Domain is at the 2003 functional level.  I'm guessing this is where my problem resides, but before I go through the trouble of rebuilding my 2008 Domain and set it to the 2003 functional level, is there anything else I can do to either lower the level to 2003, establish a trust between the 2 domains or just get the ADMT tool to work without a trust relationship?
0
Comment
Question by:a245439
11 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 35084605
I think your best bet would be to lower functional level to 2003.
0
 
LVL 3

Expert Comment

by:DavidLeal
ID: 35084980
What error message appear?

I have a 2008 domain (2008 funcional level) with trust with other 2 domains one 2000 (funcional level 2000) and other 2003 (funcional level 2003)

and dont have any problem with trusts
0
 

Author Comment

by:a245439
ID: 35085105
Error message received - Cannot create a forest trust to the specified forest.  The specified forest is not at the necessary forest functional level.
0
 
LVL 3

Expert Comment

by:DavidLeal
ID: 35085161
the windows 2003 forest are native or mixed?
0
 

Author Comment

by:a245439
ID: 35085200
2003 forest is native.  There is only one DC in the forest.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Expert Comment

by:DavidLeal
ID: 35085252
0
 

Accepted Solution

by:
a245439 earned 0 total points
ID: 35094736
Thanks for the link but it wasn't quite what I needed.  My situation may be a bit different.  I'm going from 2 completely different subnets through a firewall.  I was able to get this to work using the following steps.  Hopefully they will help someone else.

Make sure source domain has been configured as a ‘Conditional Forwarder’ in the DNS settings on the target domain.

1.      Open Active directory and trusts for the source domain
2.      right click source domain name choose 'properties'
3.      click trust tab
4.      Click 'New Trust' button
5.      Click 'Next'
6.      Enter Target Domain Name
7.      Choose ‘Realm Trust’
8.      Choose ‘Non Transitive Trust’
9.      Choose Two-Way direction
10.      Create a Trust password
11.      Click on Finish
12.      Logon to Target Domain
13.      Open Active Directory and Trust on target domain
14.       right click target domain name choose 'properties'
15.      click trust tab
16.      Click 'New Trust' button
17.      Enter source domain name
18.      Select ‘External Trust’
19.      Select Two Way
20.      Select This Domain Only
21.      Domain Wide Authentication
22.      Enter password created in step 10
23.      Click Next, don’t bother verifying relationship as it will tell probably tell you it failed.  Just keep clicking next until the wizard is finished.
24.      Run ADMT and verify you can migrate a user.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37399750
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:a245439
ID: 37399751
A solution to this problem has been detailed in the responses.  It should be classified as an accepted solution.
0
 

Author Closing Comment

by:a245439
ID: 37433088
Found the solution on my own and have listed in detail the steps I took to resolve the problem
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Suggested Solutions

This is my first article in EE and english is not my mother tongue so any comments you have or any corrections you would like to make, please feel free to speak up :) For those of you working with AD, you already are very familiar with the classi…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now