I'm doing a win2k-win2k3 trust. Logically and from what i've read from MS, I assume i only need the proper dns set up. Its my understanding that for trusts bet win2k-win2k,win2k-win2k3,win2k3-win2k3, you don't need wins or netbios or lmhosts. of course when it comes to netbios, no one seems to have a definitive answer, including MS. Then some people say there is a disntinction between flat names like "mydomain"(that you see in the drop down list in the GINA) and netbios names. but i never could understand that very specific distinction. of course, i'm no expert and people whom i respect on this list seem to have conflicting views on netbios and what it is(a api,a protocol,a network driver?) and its place in modern win2k/2k3 networks, specifically as applies to trusts. but what this comes down to really, is i should get off my butt and run ethereal on my test forests and see what i can see :) thanks P.S- in the org i work for, we have netbios/tcp disabled in both forests and no WINS(whatever that implies...)
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Wed 10/12/2005 4:33 PM
To: [email protected]
Cc:
Subject: RE: [ActiveDir] Trust issue
Unless you’re doing a 2k3 – 2k3 trust, you better plan on downlevel
name resolution. Personally, I rely on it for any trust. I have somewhere
between 350 and 400 that I manage, and WINS is the only reliable thing I have
out to all my remote sites.
Thanks,
Brian Desmond
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
c - 312.731.3132
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, October 12, 2005 2:41 PM
To: [email protected]
Subject: RE: [ActiveDir] Trust issue
Nope.
also as an aside,what is pretty amusing(in a frustrating way) is MS was
the one that told me about the lmhost entries.
i remeber bringing this up on the list awhile ago and we all went back
and forth about wheter netbios is involved in a external trust between win2k
and win2k3 and if it could be entirley done via dns.
i know MS was just grasping at straws to try to help me out but its
just amusing that no one can say without doubt or confusion wheter you need
netbios or not in this senario inculding the guys that sell the product.
only in the software industry, i guess...
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Brian Desmond
Sent: Wed 10/12/2005 2:24 PM
To: [email protected]
Cc:
Subject: RE: [ActiveDir] Trust issue
DCOM range locked down on one end but not the other?
Thanks,
Brian Desmond
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
c - 312.731.3132
_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Kern, Tom
Sent: Wednesday, October 12, 2005 1:50 PM
To: [email protected]
Subject: RE: [ActiveDir] Trust issue
nope.
-----Original Message-----
From: Brian Desmond [mailto:[EMAIL PROTECTED]
Sent: Wed 10/12/2005 1:46 PM
To: [email protected]
Cc:
Subject: RE: [ActiveDir] Trust issue
Is there a firewall between the two places? PDC
emulators in particular?
Thanks,
Brian Desmond
[EMAIL PROTECTED]
c - 312.731.3132
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Wednesday, October 12, 2005 1:35 PM
To: [email protected]
Subject: [ActiveDir] Trust issue
I have an external 2 way trust between a child domain
in a win2k3 forest
(win2k3 FFL) and a child domain in a win2k native mode
forest.
I set up the trust thru netdom or the Domains and
Trusts mmc and after a few
minutes it fails coming from the win2k side.
the win2k domain/dc stops trusting the win2k3 domain/dc
but the win2k3 trust
stays up.
i have dns set up for forwarding on both sides for the
respective
domains/dns servers.
i also have lmhosts entries on both dc's in the trust.
nothing is logged in the event logs are either dc.
is there anything else i should be looking at?
thanks alot
.+w?B+v*rz Vryi??
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
