We have one external trust set up between two forests.  Although we do still 
have WINS (we'll see how long that lasts...) I didn't have to use it to get the 
trust setup.  DNS alone is not enough, but correctly configured lmhosts files 
on the two PDC emulators that establish the trust will do the job.  That may 
not be enough to actually USE the trusted resources across both domains 
completely though--we only want them available on specific servers, so that is 
what we have defined.

I remember needing either (or maybe both) the 0x1b and 0x1c records, as well as 
defining the DC on the other end of the trust.  I can pull a copy if anyone 
needs the format-let me know.

-Bonnie

________________________________________
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Friday, November 14, 2008 9:37 AM
To: NT System Admin Issues
Subject: Re: How to create a trust?

Interesting!

Does this mean, then, for a trust to work better, WINS servers should be
running at each domain?
--------------------------------------
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL  61802
217-337-9761
http://www.aspca.org


"Ben Scott" <[EMAIL PROTECTED]> wrote on 11/14/2008 09:08:39 AM:

> On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob <[EMAIL PROTECTED]> wrote:
> > Creating trusts is generally also dependent on short-name(NetBios)
>
>   Ah.  Doesn't surprise me.  Good to know.  :)
>
> > NetBios is not as dead as some would have you think.
>
>   Yah.  Microsoft keeps says NetBIOS is decreated, but then you run
> across MSKB articles saying "such and such won't work if NetBIOS is
> disabled".
>
>   I suspect NetBIOS is never going to go away completely.  NetBIOS's
> naming protocols are built-in to Windows in some rather core places.
> In particular, the security subsystem and SMB.  Historically,
> Microsoft has not had much luck upgrading that stuff.  I suspect that
> code is so old and poorly written (some of dates back to Win 3.x!)
> nobody is left who understands what it all does.  By all appearances,
> AD couples on to those things, rather than replacing them.  Usually
> the UI hides all this, but the old stuff still pokes through on
> occasion, in error messages, the registry, and so on.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to