Ask the Expert

One way trust between a Win2k server and a NT4.0 server

I would like to make a one way trust between a Win2k server and a NT4.0 server (both primary domain controllers). I must be able to add users from the NT server to resources on the Win2k server. I can establish a trust, but I get a lot of errors. Is there step-by-step info on how to establish a trust between a NT and Win2k server?

Requires Free Membership to View

Most trust failures can be traced back to a name resolution problem. Are these machines in a lab or in production? If they are in production, make sure they are both pointed at the same WINS and DNS servers for name resolution. Make sure you can ping the flat domain name from each machine.

Since you need users from the NT domain to get to resources in the AD domain, you'll need to establish a trust from the AD domain to the NT domain. This makes the NT domain the "trusted" domain and the AD domain the "trusting" domain. The terminology can trip you up.

Use AD domains and trusts to set up the AD side of the trust. Use Usrmgr to set up the NT4 side. Configure the NT4 trust first so you can see the completion of the trust at the AD side.

If the system establishes the trust (after a long wait for name resolution), you should see both domains in the pick list of the Winlogon window of the clients in the NT domain. You'll also see the external trust listed in AD domains and trusts.

Test the trust by plucking a global group from the NT4 domain and putting it on the ACL of a folder in the AD domain. Then access the folder from the NT4 side.

If this fails somewhere along the way, check and double-check your name resolution. Send me a diagram of your network and the names and IP addresses of the WINS and DNS servers if you can't get the names to resolve.

This was first published in July 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: