raffie613


Can I create a trust between domains that have a 2003 DC and a 2008 DC?

I have a domain running a 2003 environment in level 2 because it still has some older NT 4 BDCs in it running some software programs for the company.
I want to create a trust from that domain to a domain running a single 2008 DC environment. Can it be done and how?
Thanks.
Mike Kline

Haven't tested in a mixed domain like that. You can try, and then if it doesn't work, turn off the cryptographic algorithms setting as described here:

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/10/considerations-when-upgrading-your-active-directory-to-windows-server-2008-and-2008-r2.aspx

I'm guessing it will work because you have a 2003 PDCe.  

Out of curiosity why do you still have NT domain controllers in that domain?

Thanks

Mike
Hi,

Creating a trust between NT 4.0 and 2008 doesn't work in many cases because NT 4.0 uses NTLMv1 for authentication.

NTLMv1 is not very secure because it doesn't support encryption, so it has been denied in Windows 2008. But if your NT 4.0 uses NTLMv2 for authentication, then you have to perform a number of changes in 2008 GP for the trust creation.

Just be careful: if objects use NTLMv1 for authentication, then after upgrading to NTLMv2 it will not support the previous version's authentication.

To upgrade your NT 4.0 authentication level, your NT 4.0 should be equipped with SP4.

An external trust is supported between a Windows Server 2008–based domain and a Windows NT–based domain.

Trusts that are created between Windows NT 4.0 domains and AD DS domains are one-way and nontransitive, and they require NetBIOS name resolution. For that, you have to modify the LMHOSTS files in NT 4.0 to have name resolution.

...but in this case his domain is 2003...have you tested that?
Hey, I misunderstood and thought he was trying to connect between 2008 and NT, so I gave that explanation.
If it's 2003 to 2008, I would agree with your solution.
Yes, you would be able to access software running on NT.
raffie613

ASKER

So if I do the level upgrade using ADMT, I won't lose any connectivity to my NT 4 BDC machines?
Is the migration to 2003 or 2008? If it is 2008 you have to think off
What do you mean, think off?
I would just upgrade the AD level from 2 to 1.
No one else had anything worthwhile.