Announcement

Collapse
No announcement yet.

Possible to create trust with domains that have same pre-windows 2000 name?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible to create trust with domains that have same pre-windows 2000 name?

    My situation is this

    Domain A (banana.com) Forest functional level: Windows 2003

    Domain B (apple.com) Forest Functional level: Windows 2000 Native

    Domain C (apple.loc) Forest functional level: Windows 2003

    banana.com has a 2 way forest trust with apple.loc

    When adding a trust for apple.com to banana.com, the trust cannot be added because the message says "trust already exists"

    This is because apple.com and apple.loc have same pre-windows 2000 domain "apple".

    Is there a way to add this trust? (Other then raising apple.com functional level to windows 2003)

  • #2
    Re: Possible to create trust with domains that have same pre-windows 2000 name?

    Originally posted by kuay5 View Post
    My situation is this

    Domain A (banana.com) Forest functional level: Windows 2003

    Domain B (apple.com) Forest Functional level: Windows 2000 Native

    Domain C (apple.loc) Forest functional level: Windows 2003

    banana.com has a 2 way forest trust with apple.loc

    When adding a trust for apple.com to banana.com, the trust cannot be added because the message says "trust already exists"

    This is because apple.com and apple.loc have same pre-windows 2000 domain "apple".

    Is there a way to add this trust? (Other then raising apple.com functional level to windows 2003)
    your problem is not derived from the same NetBIOS name.
    your problem is b/c "apple.com" is Active Directory Forest 2000.
    Forest trust is only available on 2003 Forest or above.

    Comment


    • #3
      Re: Possible to create trust with domains that have same pre-windows 2000 name?

      Hi,

      I think the root of your problem is NetBIOS. You can't create any types of trust, if NetBIOS names are not unique.
      Even disabling Netbios and trying to resolve using DNS won't solve the problem
      One solution in your case would be to rename doman B (Apple.com) with Rendom.exe if it's not a forest root domain.
      Any other solutions depend on the reason for creating these trusts.
      If it is for migration purposes, then you can do a two step migration to another trusted domain first.

      Cheers
      Caesar's cipher - 3

      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

      SFX JNRS FC U6 MNGR

      Comment


      • #4
        Re: Possible to create trust with domains that have same pre-windows 2000 name?

        As Akila said as as per this from technet:

        http://technet.microsoft.com/en-us/l.../cc757352.aspx

        Trusts across Windows Server 2003 and Windows 2000 forests

        Windows Server 2003 forest trusts cannot be created between a Windows Server 2003 forest and a Windows 2000 forest. You can, however, manually create a trust relationship between any domain in a Windows Server 2003 forest and any domain in a Windows 2000 forest by using one-way or two-way external trusts. External trusts are nontransitive and provide for access to resources in another domain outside the forest that is not already joined by a forest trust.
        Not saying that the double name is helping, just saying that fixing that wouldn't make it work.
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

        Comment


        • #5
          Re: Possible to create trust with domains that have same pre-windows 2000 name?

          Originally posted by gepeto View Post
          As Akila said as as per this from technet:

          http://technet.microsoft.com/en-us/l.../cc757352.aspx



          Not saying that the double name is helping, just saying that fixing that wouldn't make it work.
          What the Article says is that you can't create forest trust between a 2003 forest and a 200 forest.
          First of all we are not talking about Forest trusts between these two domains because it is known that forest trusts are only supported in windows 2003 and above. Fixing the non unique Netbios name in that case would make a Trust relashionship between those two domains possible (Not ncessarily a Forest Trust)
          So if Kuay5 was creating an external trust betwen DomainB and Domain C then Non uique Netbos names would not make that possible.
          On that note, even if the forest functional level in domain B was raised to Windows 2003 i think NetBIOS would still be used as a resolution protocol during the trust creation thus the problem would still be the same.
          What I am totally unsure though is the mechanism used to automatically rename the NetBIOS name during this process without ending up using Rendom.

          Cheers
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment


          • #6
            Re: Possible to create trust with domains that have same pre-windows 2000 name?

            Hi Guys,

            Thanks for the inputs. Both forests are Windows 2003 forests. Actually what we need is just a one-way external trust. To allow access to Sharepoint.

            Yup our solution is either rename the domain or simply creating local accounts for Sharepoint access by users of domain b.

            Comment


            • #7
              Re: Possible to create trust with domains that have same pre-windows 2000 name?

              Originally posted by kuay5 View Post
              simply creating local accounts for Sharepoint access by users of domain b.
              That's a possible workaround, but is pretty clunky. How many users are we talking about?
              Gareth Howells

              BSc (Hons), MBCS, MCP, MCDST, ICCE

              Any advice is given in good faith and without warranty.

              Please give reputation points if somebody has helped you.

              "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

              "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

              Comment

              Working...
              X