Hi, It is not possible to create/manage forest trusts with NETDOM (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Tech Ref/9f921edc-87f5-460e-89ee-9ca56ec1d096.mspx). See "http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Tech Ref/108124dd-31b1-4c2c-9421-6adbc1ebceca.mspx" for the table "Trust Tools Comparison by Task"
####QUOTE#### Netdom is a command-line tool that allows you to create and manage Active Directory trust relationships (except forest trusts) and can help reduce the number of steps needed to create a trust by using Active Directory Domains and Trusts. You can also use the Netdom command line tool to complete batch management of trusts, join computers to domains, verify trusts (including forest trusts) and secured channels, and obtain information about the status of trusts ####QUOTE#### >From the MS tools only the "Active Directory Domains and Trusts" MMC can create Forest Trusts. I'm not sure if it will work, but another way you could try to create a forest trust is through ADSI (to create a trustedDomain object and populating its properties) Jorge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carrara, Greg Sent: Thursday, April 07, 2005 16:53 To: '[email protected]' Subject: [ActiveDir] W2K3 Forest trust w/Netdom Hello! I'm trying to create a one way trust between two domains install.com and test.com. I need install.com to be the user domain and test.com to be the resource domain. I've added both to DNS and have upgraded both domain to W2K3 Server forest functionality mode. I can successfully create a transitive forest to forest utilizing the AD domains and trusts GUI. My problem, however, comes when I try to utilize Netdom to create a forest trust. I can successfully use the command: Netdom trust install.com /domain:test.com /UserD:Administrator /PasswordD:* /UserO:Administrator /PasswordO:* /PasswordT:* /Add This creates an external trust between the two domains that is nontransitive. I need a transitive forest trust. I tried adding the switches /Transitive:Yes and /ForestTransitive:Yes, to make it transitive, but they error out stating that this is for non-Windows Kerberos realms only. I haven't found a way to specify a forest trust. My question is: can you create a transitive forest trust using netdom, and if not, is there another utility for successfully doing this from the command line? Thanks! greg List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
