Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 2000 Domain and Trusts

Status
Not open for further replies.

gschwind

Programmer
Jul 2, 2001
2
CH

We have installed two Windows 2000 Server.
Every Server has a separate Active directory with a different domain.
We would make a two-way transitive trust between the two domains.

We receive the error message "The domain cannot be contacet. Try later again."

What we must doing.

 
i am doing something similar. AD to AD trust, as far as i can tell from microsoft this can only ever be non transitive. to accomplish this i set up a user account in each active directory called trustacc with a password. the password has to match in each AD and the account should have administrative priviledges. use the following line to create the trust
netdom trust <trustingdomain> /domain:<domaintobetrusted> /userD:trustacc /passwordd:<password> /add /twoway /kerberos

this will create a twoway external trust which is non-transitive. of course you can make the trust oneway and if you use /passwordd:* you will be prompted for a password

if the command completes successfully you can verify the trust with
netdom trust <trustingdomain> /domain:<domaintobetrusted> /userD:trustacc /passwordd:<password> /verify

you should then be in a position to go to the AD domains and trusts MMC select the properies of the server and click on the trust then edit and then verify.
It might be worth adding an lmhosts file with details of each DC to both AD DC's

I have pulled my hair out abpout this for ages as i now have one half working perfectly but when i try to verify the otherhalf i get RPC serrver is unavailable. check the PDC is working corectly message with no events what so ever.
I think i have a dns issue somewhere but i can't tell. if this works well for you please let me know as i really don't want to rebuild one of my servers to find out that the issue is indeed DNS. if anyone else can help i would appreciate it greatly
 
It's a DNS issue as i ran into a similar problem. Make sure your DNS server is running properly. First test would be to run NSlookup on the local server and see if it gives you the server name and IP address. If you get host not found then that DNS Server is not resolving your names properly.

Can you ping either PC by the FQDN? i.e. computer.domain.com.?

Also make sure the right DNS server is listed in your TCP/IP properties.

Try these out first.

 
adding in the dns server address of domain A to the dns setting of domain b resolved this
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top