Problems bringing up a Win 2003 domain
We have an existing NT4.0 domain, and we are now bringing up a Win 2003 AD domain. While we migrate several servers and buildings, we need to have users on the new 03 domain access resources on the nt40 domain. So we go through the steps to set up a trust, it appears to go fine on the NT4.0 side, but when we sit down at the 03 controller and run the trust setup, it prompts me for credentials and not the trust password credentials (we never get to that point). After I put in the nt4.0 domain it then gives me an error: Operation Failed. Access is denied. We are using the domain admin account for credentials and have looked at numerous sites for info and have found nothing referring to this error. Any thoughts?
If I have this straight, you are going to have the NT 4.0 Domain TRUST the Windows 2003 domain. The NT 4.0 is first setup creating the trust, where the 2003 Domain is the TRUSTED domain. Once the trust with a password is setup, you then go to the Windows 2003 domain use the New Trust Wizard. You will specify the name NetBIOS name of the NT 4.0 domain in the dialog box. You are also prompted for the direction of the trust, which will be one way: incoming, that is the users in the Windows 2003 domain can be authenticated in the NT 4.0 domain. On the next screen you should be prompted to the password you had established for the trust. If you are logged on as the actual ADMINISTRATOR account on the Windows 2003 machine, you could get a problem with being prompted to credentials as the Administrator is a special account. I have experienced this repeatedly with Microsoft domain functions. Instead of using the actual administrator account, use a different account with Domain Admin privileges in the Windows 2003 domain. This may solve the problem. The other issue that can occur is if you have locked down the Windows NT 4.0 environment. This could prevent the connection from being made and the requested information from being delivered. Lastly, if there is a firewall and any type of packet filtering in between the systems, you could erroneously be prompted for credentials. The Windows system is not expecting an error here and is possibly just reporting the access denied for lack of a better reason. Believe me, it wouldn't be the first time.
This was first published in August 2004