I've never tested this, but I bet you won't be allowed to create a trust to two domains with the same NetBIOS name. That is an attribute of the trust object in AD.
Thanks, Brian Desmond [email protected] c - 312.731.3132 From: Paul Gordon [mailto:[email protected]] Sent: Friday, November 12, 2010 4:24 AM To: NT System Admin Issues Subject: Forest trust transitivy limit? I have an interesting conundrum that I'm pondering which has raised the question of just how transitive are forest trusts? With 2 forests, it's quite straightforward; with a forest trust between them, the transitivity extends down the domain tree in each forest, eliminating the need for external domain trusts between individual domains within each forest (although of course shortcut trusts can still be useful). But what about when there are more than 2 forests? - take a scenario with 3 forests: FORESTA <-----forest trust-----> FORESTB <-----forest trust-----> FORESTC So there is a forest trust between A & B, and between B &C.... - does FORESTA thus trust FORESTC?? - since in theory forest trusts are transitive, one might be inclined to think the answer to this should be yes, but I'm not convinced the transitivity is supposed to work this way... BTW, the conundrum that has prompted this question is that I have a scenario where I'm being asked to suggest a migration strategy between two AD domains (in separate forests) that have the SAME domain NetBIOS name... (Ugh!) the only way I see this being possible is to use an intermediate domain and a 2-step migration, since it simply isn't going to be possible to migrate directly between two identically named domains... Two different strategy suggestions are under consideration for how/where to implement the intermediate domain, one of which is to keep it entirely separate from the existing production forests at either end of the migration... Thoughts? TIA Paul G. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
