Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Trust Relatonship

0 views
Skip to first unread message

Alexyy

unread,
Sep 16, 2006, 1:55:01 PM9/16/06
to
Hi,

This with reagrd to TRUST REALTIONSHIP in windows 2003.,Iam having windows
2003 server ( standard edition) . Iam having multiple domin cntroller. which
should athuenticate to main server through trustreation ship. Iam able to
configure trust through REALM & EXTERNAL trust realtionship,but my
requirement is to configure this multiple domain controoler through FOREST
TRUST which iam not able to configure, even iam not getting that forst trust
option i can see realm and external trust option ,but not Forest trust , can
any one help on this its pretty urgent and can some tell me how to configure
FOREST TRUST STEP BY STEP

Hope i can get a positive answer

Regards

Alex

Al Mulnick

unread,
Sep 16, 2006, 9:21:03 PM9/16/06
to
Are your domain and forest functional levels set to 2003?


"Alexyy" <Ale...@discussions.microsoft.com> wrote in message
news:D1F9BB8E-463F-460A...@microsoft.com...

Alexyy

unread,
Sep 18, 2006, 12:35:01 AM9/18/06
to
YES I HAVE THREE WINDWOS 2003 DOMAIN CONTROLLER SERVER,

Paul Bergson

unread,
Sep 18, 2006, 8:38:15 AM9/18/06
to
If you only want a how to, here you go:

Forest Trust
http://technet2.microsoft.com/WindowsServer/en/library/7929b0c4-efe1-409c-99e3-efe9815f426d1033.mspx?mfr=true

External Forest Trust
http://technet2.microsoft.com/WindowsServer/en/library/b30ef067-746e-4453-b879-804259aafdd31033.mspx?mfr=true

DNS
http://expertanswercenter.techtarget.com/eac/knowledgebaseAnswer/0,295199,sid63_gci1104911,00.html

Managing
http://informit.staging.informit.mttech.com/articles/article.asp?p=170286&seqNum=2&rl=1

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Alexyy" <Ale...@discussions.microsoft.com> wrote in message
news:D1F9BB8E-463F-460A...@microsoft.com...

Alexyy

unread,
Sep 18, 2006, 11:14:02 AM9/18/06
to
Hi Paul,

First of thanks for the support,some more doubt and clarification requried,

when i try to configure trust for e.g

New Trust => dns (xyz.com) => after this i get two type of trust 1) Realm
Trust and 2) Trust with a windows domain.
I get this two option only ,My querry is will i be getting FOREST TRUST
option there OR how to enable this option i tried with windows standard and
enterprise.Is there iam making any mistake .Pls help me on this problem.

Regards

Alex

Paul Bergson

unread,
Sep 18, 2006, 12:25:24 PM9/18/06
to
I'm not sure I'm following your question but you will be creating a Windows
trust. If you go through the steps and you make an error you can remove the
trust. I'm just not sure what you are asking me.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Alexyy" <Ale...@discussions.microsoft.com> wrote in message

news:50A7914A-41A1-4B6E...@microsoft.com...

Alexyy

unread,
Sep 18, 2006, 1:04:01 PM9/18/06
to

Hi Paul,

when iam trying to create a new trust.
for example as u said iam doing

1. Open Active Directory Domains and Trusts.
2. In the console tree, right-click the domain node for the forest root
domain, and then click Properties.
3. On the Trust tab, click New Trust, and then click Next.
4. On the Trust Name page, type the DNS name (or NetBIOS name) of another
forest, and then click Next.
5. On the Trust Type page, click Forest trust, .( iam not getting forest
trust option ) iam gettin only two option. 1) Realm Trust and 2) Trust with
a windows domain. how to enable forest trust or am i making a mistake.

Al Mulnick

unread,
Sep 18, 2006, 7:36:38 PM9/18/06
to
THATS VERY NICE (not sure why we're yelling?) but what I asked is if your
domain and forest functional levels are up to 2003? Do you know how to
check?

If not, then you won't have the option to create a forest trust.

My $0.04 worth (USD).

Best of luck.

"Alexyy" <Ale...@discussions.microsoft.com> wrote in message

news:BF19FCAF-2270-4A9A...@microsoft.com...

Paul Bergson

unread,
Sep 19, 2006, 8:33:06 AM9/19/06
to
Al Mulnick brings up a very good point. Having 2003 domain controllers
doesn't necessarily equate to having your forest at 2003 Forest Functional
Level.

From: http://support.microsoft.com/kb/322692/
Raise the Forest Functional Level
CAUTION: Do not raise the forest functional level if you have, or will have,
any domain controllers running Windows NT 4.0 or Windows 2000. As soon as
the forest functional level is raised to Windows Server 2003, it cannot be
changed back to the Windows 2000 forest functional level. 1. Log on to the
PDC of the forest root domain with a user account that is a member of the
Enterprise Administrators group.
2. Open Active Directory Domains and Trusts, click Start, point to All
Programs, point to Administrative Tools, and then click Active Directory
Domains and Trusts.
3. In the console tree, right-click Active Directory Domains and
Trusts, and then click Raise Forest Functional Level.
4. Under Select an available forest functional level, click Windows
Server 2003, and then click Raise.

Note To raise the forest functional level, you must upgrade (or
demote) all existing Windows 2000 domain controllers in your forest.

If you cannot raise the forest functional level, you can click Save As
in the Raise Forest Functional Level dialog box to save a log file that
specifies which domain controllers in the forest still must be upgraded from
Windows NT 4.0 or Windows 2000.

If you receive a message that indicates you cannot raise the forest
functional level, use the report generated by "Save As" to identify all
domains and domain controllers that do not meet the requirements for the
requested increase.

The current forest functional level appears under Current forest
functional level in the Raise Forest Functional Level dialog box. After the
forest level is successfully increased and replicated to the PDCs in the
domains, the PDCs for each domain automatically increase their domain level
to the current forest level. The level increase is performed on the Schema
FSMO and requires Enterprise Administrator credentials.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Alexyy" <Ale...@discussions.microsoft.com> wrote in message
news:BF19FCAF-2270-4A9A...@microsoft.com...

Paul Bergson

unread,
Sep 19, 2006, 8:36:48 AM9/19/06
to
See my other reply, I believe you have 2003 DC's but you are at Forest
Functional Level. Without this Forest Trusts are not available as it sounds
like you are experiencing. The link below will detail raising it:

http://support.microsoft.com/kb/322692/

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Alexyy" <Ale...@discussions.microsoft.com> wrote in message

news:C93315E7-FC8B-4A92...@microsoft.com...

0 new messages