transitive forest trusts is a feature only available at Windows Server 2003 FOREST functional level - i.e. all domains and all DCs in all domains of both forests need to be running Win2k3 and both forests then need to be switched to Win2k3 FFL before this will work.
I'm not sure, but I think you'll have to bind to each forest separately to retrieve the respective structure via adsi. If you first need to find out which forest is trusted in the firt place, I'm sure you'll be able to determine this by evaluating the trustType attribute of the trustedDomain objects in the system container for the root domain of one of the forests. But maybe there is a more elegant way. /Guido > hello, > > i have reading the new trust feature of windows server 2003: the > implizit forest trust between two forests. > > my questions (perhaps knows someone something): > > which domains should have the operation system "windows server > 2003"? > (i think each root domain of the two forests - is this right?) > > is the adsi-interface IDsBrowseDomainTree fit with this new > forest trust- > feature?(i think no, a newer adsi-version is needed) > > if not, how can i find out the full two-forest structure (all > member > domains) with a programming language (i need no source, a > description is sufficient)(should i read hardcore the > trusted-Domain object from the > system-container?) > > jens > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
