Ok, so here's my current situation: 2 domains, ad.company.com, and geo.company.com. AD.company.com is at 2008R2 functional level, both for domain and forest. geo.company.com is at 2003 functional level, both for domain and forest.
In DNS for each domain, there are AD-Integrated primary forward lookup zones for the other domain. When I try to add a conditional forwarder, I get this message "The server with this IP is not authoritative for the required zone." Did we mess up by making the zones primary, vs. secondary, or is there some other issue? >>> Brian Desmond <[email protected]> 3/10/2011 10:40 AM >>> Forest trust will enable Kerb across the trust and UPN routing, but otherwise given two single domain forests it's pretty much functionally identical. Thanks, Brian Desmond [email protected] c - 312.731.3132 -----Original Message----- From: Joseph Heaton [mailto:[email protected]] Sent: Thursday, March 10, 2011 11:10 AM To: NT System Admin Issues Subject: Domain trust question We currently have a Windows domain which we're using as an applications domain. All of our network login/authentication is done through our Novell domain. Our current domain is at a Windows Server 2003 functional level, both for the domain and forest. We are in the midst of planning a migration away from Novell, and into a new forest/domain that we've set up, which is at a 2008 R2 functional level, for both forest and domain. We want to setup a one-way trust between the two domains, so that users from the 2008 R2 domain will be able to access resources in the 2003 domain. My question: Would it be best practices in this case to create a forest trust? Or would I use some other type of trust? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
