Solved

can I create a trust between domains that have 2003 DC and 2008 DC?

Posted on 2011-03-18
10
287 Views
Last Modified: 2012-05-11
I have a domain running a 2003 environment in level 2 because it still has some older NT 4 BDC in it running some software programs for the company.
I want to create a trust from that domain to a domain running a single 2008 DC environment. Can it be done and how?
Thanks.
0
Comment
Question by:raffie613
  • 4
  • 4
  • 2
10 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35168387
Haven't tested in a mixed domain like that, you can try and then if it doesn't work turn off the cryptographic algorithms setting as described here

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/10/considerations-when-upgrading-your-active-directory-to-windows-server-2008-and-2008-r2.aspx

I'm guessing it will work because you have a 2003 PDCe.  

Out of curiosity why do you still have NT domain controllers in that domain?

Thanks

Mike
0
 
LVL 3

Expert Comment

by:barane
ID: 35168680
Hi,

Creating a trust between NT 4.0 and 2008 doesn't work at many cases  because Nt4.0 uses NTLMv1is used for Authentication.

NTLMv1 is not much secure because it doesn't support encryption , so it has been denied in Windows 2008. But If your NT4.0 uses NTLMv2 for authentication then you have to perform n number of changes in 2008 GP for the trust creation

Just be careful if objects uses NTLMv1 for authentication  then after upgrading to NTLMv2, it  will not support the previous version authentication.

To Upgrade your NT4.0 authentication level then your NT 4.0 should be equipped with SP4

external trust is supported for  Windows Server 2008–based domain and a Windows NT–based domain.

Trusts that are created between Windows NT 4.0 domains and AD DS domains are one way and nontransitive, and they require NetBIOS name resolution for that You have to modify the LMhostfiles in NT4.0 to have an name resolution

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35168730
...but in this case his domain is 2003...have you tested that?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Expert Comment

by:barane
ID: 35169008
Hey I misunderstood that he tries to connect between 2008 and NT so i had given the explanation.
If its 2003 to 2008 i would agree with your solution
0
 

Accepted Solution

by:
raffie613 earned 0 total points
ID: 35182276
It is a 2003 domain mainly, we had to keep the two NT BDC machines for now because of cost issue with the software that is running on them. I do not need them at all for any type of authentication.
I wonder if I upgrade the level of my AD will machines on the network still be able to use the software runniong on those NT machines.
0
 
LVL 3

Expert Comment

by:barane
ID: 35182603
Yes you could able to access software running on NT
0
 

Author Comment

by:raffie613
ID: 35182625
So if I do the level upgrade using ADMT, I won't lose any connectivity to my NT 4 BDC machines?
0
 
LVL 3

Expert Comment

by:barane
ID: 35182754
is the migration to 2003 else 2008.If it is 2008 you have to think off
0
 

Author Comment

by:raffie613
ID: 35183076
what do you mean think off?
I would just upgrade the AD level from 2 to 1.
0
 

Author Closing Comment

by:raffie613
ID: 35499834
no one else had anything worth while.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question