Solved

can I create a trust between domains that have 2003 DC and 2008 DC?

Posted on 2011-03-18
10
286 Views
Last Modified: 2012-05-11
I have a domain running a 2003 environment in level 2 because it still has some older NT 4 BDC in it running some software programs for the company.
I want to create a trust from that domain to a domain running a single 2008 DC environment. Can it be done and how?
Thanks.
0
Comment
Question by:raffie613
  • 4
  • 4
  • 2
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
Haven't tested in a mixed domain like that, you can try and then if it doesn't work turn off the cryptographic algorithms setting as described here

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/10/considerations-when-upgrading-your-active-directory-to-windows-server-2008-and-2008-r2.aspx

I'm guessing it will work because you have a 2003 PDCe.  

Out of curiosity why do you still have NT domain controllers in that domain?

Thanks

Mike
0
 
LVL 3

Expert Comment

by:barane
Comment Utility
Hi,

Creating a trust between NT 4.0 and 2008 doesn't work at many cases  because Nt4.0 uses NTLMv1is used for Authentication.

NTLMv1 is not much secure because it doesn't support encryption , so it has been denied in Windows 2008. But If your NT4.0 uses NTLMv2 for authentication then you have to perform n number of changes in 2008 GP for the trust creation

Just be careful if objects uses NTLMv1 for authentication  then after upgrading to NTLMv2, it  will not support the previous version authentication.

To Upgrade your NT4.0 authentication level then your NT 4.0 should be equipped with SP4

external trust is supported for  Windows Server 2008–based domain and a Windows NT–based domain.

Trusts that are created between Windows NT 4.0 domains and AD DS domains are one way and nontransitive, and they require NetBIOS name resolution for that You have to modify the LMhostfiles in NT4.0 to have an name resolution

0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
...but in this case his domain is 2003...have you tested that?
0
 
LVL 3

Expert Comment

by:barane
Comment Utility
Hey I misunderstood that he tries to connect between 2008 and NT so i had given the explanation.
If its 2003 to 2008 i would agree with your solution
0
 

Accepted Solution

by:
raffie613 earned 0 total points
Comment Utility
It is a 2003 domain mainly, we had to keep the two NT BDC machines for now because of cost issue with the software that is running on them. I do not need them at all for any type of authentication.
I wonder if I upgrade the level of my AD will machines on the network still be able to use the software runniong on those NT machines.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 3

Expert Comment

by:barane
Comment Utility
Yes you could able to access software running on NT
0
 

Author Comment

by:raffie613
Comment Utility
So if I do the level upgrade using ADMT, I won't lose any connectivity to my NT 4 BDC machines?
0
 
LVL 3

Expert Comment

by:barane
Comment Utility
is the migration to 2003 else 2008.If it is 2008 you have to think off
0
 

Author Comment

by:raffie613
Comment Utility
what do you mean think off?
I would just upgrade the AD level from 2 to 1.
0
 

Author Closing Comment

by:raffie613
Comment Utility
no one else had anything worth while.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now