Santhosh, I don't understand the significance of WINS here, as opposed to getting DNS resolution properly working. Since he's on W2K3, wouldn't it be better that he uses a stub of each domain on the other side of the trust (or even cond fwding for that matter)? Just curious. On a similar note, I've noticed that the trust process (and other processes, like Exchange Server Migration in ADMT) uses NetBIOS lookup instead of doing an FQDN lookup. One way I do this is to simply create an A record in MY zone for the DC on the other side. By creating the A record, the query will simply get handed the record for that DC. This works IF the name of the DC on the other side is not the same as the name of any of the DC in MY domain. Let me explain with an example. MYDomain wants to trust YOURDomain. YourDomain has a DC called YourDC. During the trust establishment process, I see a query for YourDC, which of course does not exist in MyDomain, and because YourDomain is also not on my suffix, no record is located. So, I create an A record for YourDC and give it the true IP of YourDC. So, now the process goes and query for YourDC (instead of YourDC.YourDomain), it gets resolved to the YourDC that is located in MyDomain, which happens to be the same as YourDC.YourDomain. Deji
________________________________ From: [EMAIL PROTECTED] on behalf of Santhosh Sivarajan Sent: Tue 5/31/2005 2:07 PM To: [email protected] Subject: Re: [ActiveDir] _msdcs question I don't think you have to do anything with your _msdcs zone. You have to have WINS name resolution in-order to configure the trust. What is your WINS configuration? Can you ping both Domain DCs using NetBIOS and FQDN? HTH Santhosh Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 5/31/05, Rimmerman, Russ <[EMAIL PROTECTED]> wrote: > > We upgraded our Win2k AD domain to Win2k3 a few months ago. Now I'm > attempting to set up a two-way trust with an outside Win2k3 domain, and > I found out that _msdcs.company.com in the Win2k3 domain is at the same > level as the company.com zone. So I found out this means that they > build this as a Win2k3 domain rather than upgrading from Win2k. > > I found http://support.microsoft.com/?id=817470 on how to reconfigure an > _msdcs subdomain to a forest-wide DNS application directory partition > when you upgrade from Win2k to Win2k3, but we haven't done that (didn't > know about it until just now). > > Question is - I want to set up a two-way trust with this win2k3 domain, > but when I set them up as a secondary zone in our empty root domain, we > didn't get the _msdcs data since it's just a grey reference folder > rather than actual data. > > How do I get the two-way trust working? Do I have to set up two > secondary zones in my empty root domain, one for company.com and one for > _msdcs.company.com? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > This e-mail is confidential, may contain proprietary information > of the Cooper Cameron Corporation and its operating Divisions > and may be confidential or privileged. > > This e-mail should be read, copied, disseminated and/or used only > by the addressee. If you have received this message in error please > delete it, together with any attachments, from your system. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
