We have one external trust set up between two forests. Although we do still have WINS (we'll see how long that lasts...) I didn't have to use it to get the trust setup. DNS alone is not enough, but correctly configured lmhosts files on the two PDC emulators that establish the trust will do the job. That may not be enough to actually USE the trusted resources across both domains completely though--we only want them available on specific servers, so that is what we have defined.
I remember needing either (or maybe both) the 0x1b and 0x1c records, as well as defining the DC on the other end of the trust. I can pull a copy if anyone needs the format-let me know. -Bonnie ________________________________________ From: [EMAIL PROTECTED] [EMAIL PROTECTED] Sent: Friday, November 14, 2008 9:37 AM To: NT System Admin Issues Subject: Re: How to create a trust? Interesting! Does this mean, then, for a trust to work better, WINS servers should be running at each domain? -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org "Ben Scott" <[EMAIL PROTECTED]> wrote on 11/14/2008 09:08:39 AM: > On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob <[EMAIL PROTECTED]> wrote: > > Creating trusts is generally also dependent on short-name(NetBios) > > Ah. Doesn't surprise me. Good to know. :) > > > NetBios is not as dead as some would have you think. > > Yah. Microsoft keeps says NetBIOS is decreated, but then you run > across MSKB articles saying "such and such won't work if NetBIOS is > disabled". > > I suspect NetBIOS is never going to go away completely. NetBIOS's > naming protocols are built-in to Windows in some rather core places. > In particular, the security subsystem and SMB. Historically, > Microsoft has not had much luck upgrading that stuff. I suspect that > code is so old and poorly written (some of dates back to Win 3.x!) > nobody is left who understands what it all does. By all appearances, > AD couples on to those things, rather than replacing them. Usually > the UI hides all this, but the old stuff still pokes through on > occasion, in error messages, the registry, and so on. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
