Creating trusts is generally also dependent on short-name(NetBios) resolution as well as the other obvious requirements. Often after people have fought creating a trust for some time and employ LMHOST files (or WINS) it magically works...
NetBios is not as dead as some would have you think. There are several MSKB articles about trust creation failing in the absense of shortname resolution. Good summary in this article- http://www.windowsdevcenter.com/pub/a/windows/2004/05/11/netbios.html -----Original Message----- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2008 9:26 AM To: NT System Admin Issues Subject: Re: How to create a trust? On Thu, Nov 13, 2008 at 9:31 AM, <[EMAIL PROTECTED]> wrote: > Again, I think some of the snags (in addition to that last line) are > because, although NYC has 4 Win2003 DCs, their functional level still > shows as "Win2000". Our level is at Win2003 which NYC must change. I've never tried it, but I'm not so sure functional levels need to match between domains for external trusts between AD domains. I say that mainly because I *have* created trusts between an AD domain and an NTLM domain, which are *very* different beats, and that certainly worked fine. I wouldn't expect the trust mechanism to allow that, but then be pickier about AD<->AD trusts. Then again, I've seen stupider limitations. > As to proper AD functionality w/SRV, DNS, etc, well, we gotta get the > trust set up first. That may not be possible. I think you need to have DNS working properly in order to establish the trust. AD uses DNS to find DCs. Without proper DNS, the one domain's DCs will not be able to find the other domain's DCs. If the DCs cannot talk, the trust isn't going to be very useful, even if you manage to create it. I'm checking my usual sources (Minasi, Lowe-Norris, Crawford, Google), and I can't find anything that says AD trusts definitely will not work without proper DNS. But do find lots of recommendations to have DNS working properly. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
