Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2003 to NT4 trust problem

Status
Not open for further replies.
bofhrevenge2

bofhrevenge2

MIS
May 29, 2004
1,336
GB
Hi all, i have set up a trust between our 2003 and our NT4 domain and as far as i can tell it is working, Windows says that it is validated both ways. The problem is that i can't see the NT4 users in AD but if i go into User Manager for domains on the NT4 PDC i can see the users in AD.
I have tried using the connect to another domain setting in AD but the NT4 domain doesn't appear, i can however see both networks in the browse list on each server.

Can anyone shed some light on this.

Also do i need to add the domain admins group from each domain to the administrators group of the other domain, i'm sure i read that somewhere but it isn't in the document that i downloaded.

Thanks.

Thanks.
 
Sort by date Sort by votes
Check your name resolution. The easiest way to do this is to create secondary DNS zones for each domain.

So, on the 2000 domain, create a secondary zone for the NT domain. On the NT domain, create a secondary zone for the 2000 domain.

You can also do this with a LMHOST file
 
Upvote 0 Downvote
The NT4 domain doesn't use our DNS they use our ISP's, but there doesn't seem to be a problem from that side. Is adding a secondary zone on the 2003 side still the right course of action or can i just add a record for the NT4 domain controller?

Thanks.
 
Upvote 0 Downvote
I think this is because NT4 accounts are not Active Directory accounts and have completly different properties, so it would n't make sense to see their properties in 'User Manager for Domains' of NT4.

But you can view and add AD account to NT4 groups, provided trusts are setup and you stick to AGLP rule (ie user acounts into Global Groups, GG into LG and LG assigned permissions).

If you want to add a Global Group of NT4 domain to a Local Group or a Domain Local Group of AD domain then this would be OK (using 'Active Dir User and Comp').

If you try and add a Global Group of AD to local group of NT4 domain, this too would be OK (using 'User Manager for Domains').

But you cannot add a NT4 Global Group to an AD Global Group (GG into GG was not allowed in NT4 but is allowed in Win 2000/3).

Let me know how you get on, as I'm doing something very simialr and would be interested in your experiences.

I wanted to give AD Domain Admin rights to my NT4 users, but couldn't see an easy way forward.

TK
 
Upvote 0 Downvote
I'm not quite sure I understand your issue, you're trying to view your NT domain through AD Users & Computers MMC? If so I don't this would or could work, it connects to ADs not NT4 SAMs. User Manager for Domains (at least early versions) can handle connecting to an AD (I'm not sure how - I guess via the PDC emulator?) but you shouldn't use it as it doesn't fully support AD objects.
 
Upvote 0 Downvote
It sounds like you've set up a one way trust. If you want to be able to add users from both domains, you need to establish two trusts.

NT 4 domain needs to trust WK3 domain

and

W2K3 domain needs to trust NT 4 domain.

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
 
Upvote 0 Downvote
I thought i had setup a 2 way trust and it says it's validated.

Can you tell me the order i should do it in eg start at NT4 end or 2003 end.

The issue NickFerrar is that i can select to view the 2003 accounts in User Manager by selecting connect to domain but i can't see the NT4 SAM from AD, there must be a way otherwise how do i add global groups from that to local groups in the other domain.

Thanks guys.
 
Upvote 0 Downvote
Too much to type to show you the exact process...but heres a web site with pretty pictures... check it out:
Pictures not enough? How about a video presented by Microsoft on how to establish trusts?
-hope this helps..

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out (Sales@njcomputernetworks.com)
 
Upvote 0 Downvote
Thats the video i was lookinf for, i saw it the other day and then i couldn't find it again.

Cheers.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

techbrain1
  • Locked
  • Question
Trust relationship issue 1
Replies
3
Views
754
araheusaff
araheusaff
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
906
suncit
suncit
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
586
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
685
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top