
TRUSTS - 3 domains, 2 with the same netbios domain name. HELP!!!!


CPiO

Jan 14, 2010, 7:59:01 AM

Hi,

I am banging my head against the wall with this one and really need some
help....

Scenario:-

I have 3 AD domains as follows:-

Domain 1
AD namespace - uk.company.local
netbios domain name = ukcompany
2003 functional forest and domain

Domain 2
AD namespace - france.company.local
netbios domain name = company **same as domain 3
2000 functional forest and domain

Domain 3
AD namespace - spain.company.local
netbios domain name - company **same as domain 2
2000 functional forest and domain

Is there any way that Domain 1 can create a Trust to domain 2 and domain 3
when they both use the same netbios domain name. Domain 2 and domain 3 NEVER
need to trust one another.

Please help.....

Many Thanks

Meinolf Weber [MVP-DS]

Jan 14, 2010, 8:06:45 AM
Hello CPiO,

The NetBIOS name MUST be different to create a trust. So you have to rename
one domain or migrate to a new domain with a different name. NO other option
exists.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
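
A pre-flight check for the situation in this thread, as an added example that is not part of any poster's message: it takes an inventory of domains and reports any NetBIOS name claimed by more than one of them, the condition the replies here say prevents the trusts from being created. The function names and the inventory object shape are hypothetical, and the sample rows are constructed from the domains listed in the question.

```powershell
# Constructed inventory: the three domains described in the question.
$domains = @(
    [pscustomobject]@{ DnsName = 'uk.company.local';     NetBiosName = 'ukcompany' }
    [pscustomobject]@{ DnsName = 'france.company.local'; NetBiosName = 'company' }
    [pscustomobject]@{ DnsName = 'spain.company.local';  NetBiosName = 'company' }
)

# Hypothetical helper: return every NetBIOS name used by more than one domain.
function Get-NetBiosCollision {
    param(
        [Parameter(Mandatory)] [object[]] $Domain
    )
    # NetBIOS names are case-insensitive, so normalise before grouping.
    $Domain |
        Group-Object -Property { $_.NetBiosName.Trim().ToUpperInvariant() } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                NetBiosName = $_.Name
                Domains     = $_.Group.DnsName
            }
        }
}

# Hypothetical helper: check one trusting domain against its planned trust partners.
function Test-TrustCandidate {
    param(
        [Parameter(Mandatory)] [string]   $TrustingDomain,
        [Parameter(Mandatory)] [string[]] $TrustedDomain,
        [Parameter(Mandatory)] [object[]] $Inventory
    )
    # Only the trusting domain and its planned partners have to be unique among themselves.
    $scope      = @($TrustingDomain) + $TrustedDomain
    $inScope    = @($Inventory | Where-Object { $_.DnsName -in $scope })
    $collisions = @(Get-NetBiosCollision -Domain $inScope)
    [pscustomobject]@{
        TrustingDomain = $TrustingDomain
        CanProceed     = ($collisions.Count -eq 0)
        Collisions     = $collisions
    }
}

# Domain 1 trusting Domain 2 and Domain 3: reports the shared name COMPANY.
Test-TrustCandidate -TrustingDomain 'uk.company.local' `
    -TrustedDomain 'france.company.local', 'spain.company.local' `
    -Inventory $domains
```

On a live network the inventory rows can be filled from the `NetBIOSName` property returned by `Get-ADDomain -Server <domain FQDN>` (ActiveDirectory module) instead of being typed in.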

Paul Bergson [MVP-DS]

Jan 14, 2010, 8:28:18 AM
You won't be able to accomplish this and I am quite surprised that you can
have two domains in the same forest, with the same netbios name. I'm
guessing you are at Domain Functional Level (DFL) and Forest Functional
level (FFL) of 2000 and again I will be surprised if you will be able to
move to DFL/FFL of 2003 or 2008.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"CPiO" <CP...@discussions.microsoft.com> wrote in message
news:C76ED9DD-353E-4A45...@microsoft.com...

Ace Fekay [MVP-DS, MCT]

Jan 14, 2010, 8:37:57 AM
"CPiO" <CP...@discussions.microsoft.com> wrote in message
news:C76ED9DD-353E-4A45...@microsoft.com...


I concur with Paul and Meinolf. For domain to domain trusts, which are
reliant on NetBIOS name resolution and support, the names *must* be
different.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.


Paul Bergson [MVP-DS]

Jan 14, 2010, 9:09:48 AM
Ace,
I don't get it. How were they ever able to configure two domains in the
same forest with the same netbios name? Is it because in 2000 there isn't
transitivity?

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP-DS, MCT]" <ace...@mvps.RemoveThisPart.org> wrote in message
news:OVzSJ7Rl...@TK2MSFTNGP06.phx.gbl...

Meinolf Weber [MVP-DS]

Jan 14, 2010, 9:28:48 AM
Hello Paul Bergson [MVP-DS],

I think they just use the same forest name and they are still different forests.
The OP didn't state that they are in the same forest.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.


** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Ace,
> I don't get it. How were they ever able to configure two domains in the
> same forest with the same netbios name? Is it because in 2000 there isn't
> transitivity?

Ace Fekay [MVP-DS, MCT]

Jan 14, 2010, 9:49:27 AM
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:Oa7t8MSl...@TK2MSFTNGP04.phx.gbl...

> Ace,
> I don't get it. How were they ever able to configure two domains in the
> same forest with the same netbios name? Is it because in 2000 there isn't
> transitivity?
>


I'm taking that the poster was implying (as I interpreted it) that it never
worked.

Windows NT4, 2000 & 2003 domain-domain trusts are NetBIOS based and are not
transitive. However, Windows 2003 forest-forest trusts, in 2003 Forest and
Domain FL are transitive, but are DNS based.

Ace


Paul Bergson [MVP-DS]

Jan 14, 2010, 10:10:58 AM
Ahhh, you might be on to something Meinolf. Heading to Summit this year?

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911dc4218...@msnews.microsoft.com...

Meinolf Weber [MVP-DS]

Jan 14, 2010, 1:03:55 PM
Hello Paul Bergson [MVP-DS],

No, unfortunately I cannot join the Summit. Hopefully I can arrange it next
year, if I am still MVP then.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Ahhh, you might be on to something Meinolf. Heading to Summit this year?

Ace Fekay [MVP-DS, MCT]

Jan 14, 2010, 10:45:28 PM
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:eNRFIvSl...@TK2MSFTNGP04.phx.gbl...

> Ahhh, you might be on to something Meinolf. Heading to Summit this year?
>


I agree, Meinolf may have hit it on the head. That would explain some of the
issues.

Ace


Prince Kanago

Nov 28, 2010, 1:11:15 PM

Okay, here's the answer.

Understand this: the Active Directory structure is very nicely done, which it seems you are unable to understand...

I have some questions for you to answer.

1. Did you check Active Directory Sites and Services - Sites - Servers - NTDS Settings - Properties? What did you see
for all servers in this forest, to get an idea which server is replicating with which one, and how many GCs and ADCs you have?

2. One way to design such a structure as you are talking about is to have parent OUs containing sub-OUs.

These sub-OUs can be named Users, Groups, Servers and Client PCs, which would contain those kinds of objects (this would help the system admin to run scripts and manage GPOs) all over the network. Also, in this structure you can have GCs and ADCs for faster replication, fault tolerance and load balancing all over the forest at every site.

3. Every region would have a so-called Administrator managing the OU of that particular region, creating, deleting and managing user accounts and group membership on the master OU over which he/she has been delegated control. They can see other OUs also, but would have read-only access until they have been assigned rights to manage other OUs.

4. By default all these servers would have transitive trust and intrasite replication; only the servers' naming convention would be tricky, for example NY-Dc01.xyz.com and cali-Dc01.xyz.com. Of course NYdc01 will be in NY and Calidc01 would be in Cali, but they would replicate with each other and would have the same NetBIOS name on client PCs in Cali and NY. However, it doesn't matter if both are GCs on their respective sites, or they can be ADCs for fast replication of objects.

5. If you are 100% sure that there are child domains as I said, then you should check ADS&S properly; if that is the case, then you need to use the "Windows 2003 Domain rename tool" and follow the process of domain renaming.

I have the experience of being in such a forest environment where you get this feeling.

Have a blessed day,
and if you have any query please revert back.
Prince Kanago
MCT, MCTS, MCSE, ITIL, IBM-EADP, CEH, CWNA
Windows 2000-2008
