?
Solved

can't establish trust between windows 2003 and windows 2008 domains

Posted on 2011-03-09
11
Medium Priority
?
1,873 Views
Last Modified: 2012-09-05
I am trying to migrate users from a windows 2003 domain to a brand new windows 2008 domain.  As I understand it, to get the ADMT to work I need a trust relationship between the 2 domains.  I have not been able to establish a trust relationship between the 2 domains The 2008 Domain is at 2008 functional level and the 2003 Domain is at the 2003 functional level.  I'm guessing this is where my problem resides, but before I go through the trouble of rebuilding my 2008 Domain and set it to the 2003 functional level, is there anything else I can do to either lower the level to 2003, establish a trust between the 2 domains or just get the ADMT tool to work without a trust relationship?
0
Comment
Question by:a245439
10 Comments
 
LVL 15

Expert Comment

by:James
ID: 35084605
I think your best bet would be to lower functional level to 2003.
0
 
LVL 3

Expert Comment

by:DavidLeal
ID: 35084980
What error message appear?

I have a 2008 domain (2008 funcional level) with trust with other 2 domains one 2000 (funcional level 2000) and other 2003 (funcional level 2003)

and dont have any problem with trusts
0
 

Author Comment

by:a245439
ID: 35085105
Error message received - Cannot create a forest trust to the specified forest.  The specified forest is not at the necessary forest functional level.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
LVL 3

Expert Comment

by:DavidLeal
ID: 35085161
the windows 2003 forest are native or mixed?
0
 

Author Comment

by:a245439
ID: 35085200
2003 forest is native.  There is only one DC in the forest.
0
 

Accepted Solution

by:
a245439 earned 0 total points
ID: 35094736
Thanks for the link but it wasn't quite what I needed.  My situation may be a bit different.  I'm going from 2 completely different subnets through a firewall.  I was able to get this to work using the following steps.  Hopefully they will help someone else.

Make sure source domain has been configured as a ‘Conditional Forwarder’ in the DNS settings on the target domain.

1.      Open Active directory and trusts for the source domain
2.      right click source domain name choose 'properties'
3.      click trust tab
4.      Click 'New Trust' button
5.      Click 'Next'
6.      Enter Target Domain Name
7.      Choose ‘Realm Trust’
8.      Choose ‘Non Transitive Trust’
9.      Choose Two-Way direction
10.      Create a Trust password
11.      Click on Finish
12.      Logon to Target Domain
13.      Open Active Directory and Trust on target domain
14.       right click target domain name choose 'properties'
15.      click trust tab
16.      Click 'New Trust' button
17.      Enter source domain name
18.      Select ‘External Trust’
19.      Select Two Way
20.      Select This Domain Only
21.      Domain Wide Authentication
22.      Enter password created in step 10
23.      Click Next, don’t bother verifying relationship as it will tell probably tell you it failed.  Just keep clicking next until the wizard is finished.
24.      Run ADMT and verify you can migrate a user.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 37399750
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:a245439
ID: 37399751
A solution to this problem has been detailed in the responses.  It should be classified as an accepted solution.
0
 

Author Closing Comment

by:a245439
ID: 37433088
Found the solution on my own and have listed in detail the steps I took to resolve the problem
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question