AD forest trust
I'm trying to establish a forest trust between 2x domains running on Win2003. The functional level is 2000 mixed and the Wizard keeps returning the message "the name you specified is not a valid Windows domain name."
I believe the networking side has been completed and I've added an entry into the Hosts file. Conditional forwarding has been configured and names are resolving.
Is the functional level causing this issue? A search indicates that this needs to be at 2003 level. Can I use a Realm trust instead?
Comments
Hyper-Me Banned Posts: 2,059
A realm trust is for UNIX to Windows trust.
What are your domain names?
It almost sounds like you are using a single label name for one of your domains.

Zartanasaurus Member Posts: 2,008
Need to set the forest functional level to 2003.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%

HeroPsycho Inactive Imported Users Posts: 1,940
Both forests must be Windows 2003 functional level before you can create forest trusts:
Checklist: Creating a forest trust: Active Directory
Good luck to all!

blargoe Member Posts: 4,174
You could just do a domain trust though.
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...

mikedisd2 Member Posts: 1,096
HeroPsycho wrote: » Both forests must be Windows 2003 functional level before you can create forest trusts:
Checklist: Creating a forest trust: Active Directory

I saw this one too; I'm finding mixed messages on this. Trusts existed before 03 though.
Because it's mixed mode I wondered if the Realm option is the way to go, although it's mainly used for UNIX boxes as Hyper-Me said.
Domains are abc.local and xyz.local. As mentioned they can ping and resolve via HOSTS entries.
As it's a government department and I'm a contractor I don't think raising the functional level is an option.

snadam Member Posts: 2,234
Ideally, you could create an external trust as opposed to a realm trust.
I believe Forest-level trusts weren't doable until server 2003. Either way your FFL needs to be 2003 in both forests to create a forest trust.
**** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine
Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security

mikedisd2 Member Posts: 1,096
Thanks Snadam, am checking out other trust types now.
My 70-294 exam was only about a year ago. Use it or lose it, I guess.
EDIT: External trusts seem to only be for connecting to NT4 or older. The New Trust Wizard only gives the choice of Realm trust or Trust with a Windows domain.

snadam Member Posts: 2,234
I read the same article. I think it's trying to say IF you delete an external trust between server 2003 and NT, then delete it from the 2003 DC. External trusts are typically used for domains outside the forest, or NT domains.
Question: Does this trust have to be transitive, or do you just want one domain in one forest trusting another domain in another forest? I forgot that external trusts are non-transitive.

mikedisd2 Member Posts: 1,096
I don't think the transitive state is a concern; it's just a 2-way trust to allow for specific access in an ILM configuration.
Just had word that the company is going to bring in a technical architect to manage my project. Which is what they should have done in the first place. I'm still just a doer not a designer, unless you ask my ego.
Thanks for all the help, it gives me a much better acumen when explaining all this tomorrow.