How to track Traffic over Domain Trust?

I currently have an Active Directory domain trust between 2 AD domains.  All domain controllers except 1 are Server 2008 (the odd man out is Server 2003).

1. The old domain is a 2008 server operating at a Windows 2000 native domain functional level
2. The current domain is all 2008 & 1 2003 server operating at a Windows Server 2003 domain functional level.
3. We have migrated to the current domain what we believe to be the last of the machines and systems dependent upon the old domain.
4. We are ready to retire the old domain and want to ensure no systems or machines are still dependent upon it.

Is there a way that I can monitor traffic that is traversing the trust to ensure that we are completely unreliant on the old 2000 domain?  What do I need to configure\enable to accomplish this?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I myself would take a look at the security log in the event viewer on the 2003 server and see if you have a lot of entries of users/devices hitting it up to authenticate for any reason.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

On the old DC.
Run wireshark, check the traffic.

Are they separate forest?

I would power off the old domain for a day or two. I did a migration and we found that the Sharepoint server had permissions issues after. (  server was moved to new domain)
Did you do a manual move to the new domain of a AD migration with MS's tool or another tool? Did you migrate with SID History?)

check wins?
check dns?
check dhcp services?
any vpn's etc, pointed at the old dc ?

disable the old domain user accounts.
diable the old domain computer accounts.

As far as a tool , none that I know of.
You could tun up windows auditing and see what is logging in.

Hope this list helps.

As per my understaing you want to check that is there any user or machine is login to old domain or not.If yes then either you can write down a script or use oldcmp.exe(freeware from and have a look on "" for few examples i don't think you need to check the same on trust traffic
VIBTAuthor Commented:
Thanks guys!  I ended up using a combination of all solutions to help me decommission the old domain in the trust.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.