Solved

can't establish trust between windows 2003 and windows 2008 domains

Posted on 2011-03-09
11
1,823 Views
Last Modified: 2012-09-05
I am trying to migrate users from a windows 2003 domain to a brand new windows 2008 domain.  As I understand it, to get the ADMT to work I need a trust relationship between the 2 domains.  I have not been able to establish a trust relationship between the 2 domains The 2008 Domain is at 2008 functional level and the 2003 Domain is at the 2003 functional level.  I'm guessing this is where my problem resides, but before I go through the trouble of rebuilding my 2008 Domain and set it to the 2003 functional level, is there anything else I can do to either lower the level to 2003, establish a trust between the 2 domains or just get the ADMT tool to work without a trust relationship?
0
Comment
Question by:a245439
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 35084605
I think your best bet would be to lower functional level to 2003.
0
 
LVL 3

Expert Comment

by:DavidLeal
ID: 35084980
What error message appear?

I have a 2008 domain (2008 funcional level) with trust with other 2 domains one 2000 (funcional level 2000) and other 2003 (funcional level 2003)

and dont have any problem with trusts
0
 

Author Comment

by:a245439
ID: 35085105
Error message received - Cannot create a forest trust to the specified forest.  The specified forest is not at the necessary forest functional level.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:DavidLeal
ID: 35085161
the windows 2003 forest are native or mixed?
0
 

Author Comment

by:a245439
ID: 35085200
2003 forest is native.  There is only one DC in the forest.
0
 

Accepted Solution

by:
a245439 earned 0 total points
ID: 35094736
Thanks for the link but it wasn't quite what I needed.  My situation may be a bit different.  I'm going from 2 completely different subnets through a firewall.  I was able to get this to work using the following steps.  Hopefully they will help someone else.

Make sure source domain has been configured as a ‘Conditional Forwarder’ in the DNS settings on the target domain.

1.      Open Active directory and trusts for the source domain
2.      right click source domain name choose 'properties'
3.      click trust tab
4.      Click 'New Trust' button
5.      Click 'Next'
6.      Enter Target Domain Name
7.      Choose ‘Realm Trust’
8.      Choose ‘Non Transitive Trust’
9.      Choose Two-Way direction
10.      Create a Trust password
11.      Click on Finish
12.      Logon to Target Domain
13.      Open Active Directory and Trust on target domain
14.       right click target domain name choose 'properties'
15.      click trust tab
16.      Click 'New Trust' button
17.      Enter source domain name
18.      Select ‘External Trust’
19.      Select Two Way
20.      Select This Domain Only
21.      Domain Wide Authentication
22.      Enter password created in step 10
23.      Click Next, don’t bother verifying relationship as it will tell probably tell you it failed.  Just keep clicking next until the wizard is finished.
24.      Run ADMT and verify you can migrate a user.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37399750
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:a245439
ID: 37399751
A solution to this problem has been detailed in the responses.  It should be classified as an accepted solution.
0
 

Author Closing Comment

by:a245439
ID: 37433088
Found the solution on my own and have listed in detail the steps I took to resolve the problem
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question