External Trust between Win 2000 and Win 2003 Forest/Domains

Microsoft Windows Server 2003
Windows 2000 Server
I have an external trust created from my 2000 domain to a separate and unrelated 2003 domain. I can successfully grant 2003 users access to resources on my 2000 domain. I cannot grant 2000 domain users access to resources on the 2003 domain. When I try to add a 2000 domain user to the permissions list of a folder on the 2003 server, I can select the 200 domain but it will never find the user I specify either just username or username@domain.com (UPN) format? Looking for some verification of my tust settings on the 2003 server. Thanks,

Answer Wiki

Thanks. We'll let you know when a new response is added.

You need to set up the trust relationship between the domains.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • PaulHinsberg
    When you set up the domain you will need to set it up twice. With two Windows 2003 domains this could be done concurrently. With the Windows 2000 domain you will need to set up the external trust with the Windows 2003 domain first as the trusted domain and then as the trusting domain. If you had in fact done this, then the problem is likely that an appropriate domain controller from the trusted domain (in your case that would be the Windows 2000 domain) cannot be located. You should validate your name resolution for the domain from a Windows 2003 domain controller.
    15 pointsBadges:
    I was able to fix the problem by creating secondary DNS zones for the other domain on each DNS server. So the 2000 servers each have a secondary forward lookup zone for the 2003 domain and vice versa. I am guessing that the LMHOSTS file was enough to get the trust going but needed DNS resolution for AD to workk properly. Thanks to all for your replies.
    0 pointsBadges:
  • Chuck76
    Hi SWYATT, hope this helps. It sounds as if the trust you established is not transitive. Your W2K domain trusts the W2K3 and will give access to its users, but the W2K3 domain does not trust the W2K domain and will not give access to its users. Try using AD Sites and Services from a DC (on either domain) to verify the status of the trust. You may be able to start your troubleshooting from there.
    25 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: