Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

can I create a trust between domains that have 2003 DC and 2008 DC?

I have a domain running a 2003 environment in level 2 because it still has some older NT 4 BDC in it running some software programs for the company.
I want to create a trust from that domain to a domain running a single 2008 DC environment. Can it be done and how?
Thanks.
0
raffie613
Asked:
raffie613
  • 4
  • 4
  • 2
1 Solution
 
Mike KlineCommented:
Haven't tested in a mixed domain like that, you can try and then if it doesn't work turn off the cryptographic algorithms setting as described here

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/05/10/considerations-when-upgrading-your-active-directory-to-windows-server-2008-and-2008-r2.aspx

I'm guessing it will work because you have a 2003 PDCe.  

Out of curiosity why do you still have NT domain controllers in that domain?

Thanks

Mike
0
 
baraneCommented:
Hi,

Creating a trust between NT 4.0 and 2008 doesn't work at many cases  because Nt4.0 uses NTLMv1is used for Authentication.

NTLMv1 is not much secure because it doesn't support encryption , so it has been denied in Windows 2008. But If your NT4.0 uses NTLMv2 for authentication then you have to perform n number of changes in 2008 GP for the trust creation

Just be careful if objects uses NTLMv1 for authentication  then after upgrading to NTLMv2, it  will not support the previous version authentication.

To Upgrade your NT4.0 authentication level then your NT 4.0 should be equipped with SP4

external trust is supported for  Windows Server 2008–based domain and a Windows NT–based domain.

Trusts that are created between Windows NT 4.0 domains and AD DS domains are one way and nontransitive, and they require NetBIOS name resolution for that You have to modify the LMhostfiles in NT4.0 to have an name resolution

0
 
Mike KlineCommented:
...but in this case his domain is 2003...have you tested that?
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
baraneCommented:
Hey I misunderstood that he tries to connect between 2008 and NT so i had given the explanation.
If its 2003 to 2008 i would agree with your solution
0
 
raffie613Author Commented:
It is a 2003 domain mainly, we had to keep the two NT BDC machines for now because of cost issue with the software that is running on them. I do not need them at all for any type of authentication.
I wonder if I upgrade the level of my AD will machines on the network still be able to use the software runniong on those NT machines.
0
 
baraneCommented:
Yes you could able to access software running on NT
0
 
raffie613Author Commented:
So if I do the level upgrade using ADMT, I won't lose any connectivity to my NT 4 BDC machines?
0
 
baraneCommented:
is the migration to 2003 else 2008.If it is 2008 you have to think off
0
 
raffie613Author Commented:
what do you mean think off?
I would just upgrade the AD level from 2 to 1.
0
 
raffie613Author Commented:
no one else had anything worth while.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now