Link to home
Start Free TrialLog in
Avatar of Bill Welsh
Bill WelshFlag for United States of America

asked on

establish 2-way trust between two physically separated AD domains

Hello,

I need to establish a two-way trust between 2 physically separated AD domains - when I run through the "create new trust" wizard and supply either side with the other side's domain name, the wizard will error out and tell me it cannot find the supplied Windows Domain.

Additional details:
there is a site to site VPN in place that enables connectivity between the two sites and hosts on either side are pingable and accessible by IP - general high level infrastructure concerns are pretty solid and there is no firewalling of the traffic between the two sites.

One domain controller on one side can ping the other by name, the other one cannot by name, but can by IP

The AD on one side has a domain functional level of 2003 / forest 2008

The AD on the other side has a domain functional level of 2000 / forest is 2003

One AD has a ".us" ending to its' internal NETBios domain name, the other has a ".com" ending to its' internal NETBios domain name :-/


What is the best way to configure DNS in this situation? Obviously I would like to avoid an internal domain re-name on the one that ends in ".com"

Will the functional levels need to be raised to support the trust?



The goal here is very simply to be able to login to computers at one site with credentials from the other site.

Thank you!
ASKER CERTIFIED SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Bill Welsh
Bill Welsh
Flag of United States of America image

ASKER

The newly created conditional forwarders at both sites fixed this problem beautifully, much appreciated!