Setting up a trust between servers.

[steve_nfi]

Hi all
I'm after a bit of guidance.
I want to set up a trust between our Admin and Pass servers.
Is it very difficult? Could someone give me a bit of advice or point me in the direction of a good manual?
We had a trust set up in my last school but I didn't have any involvement in that. It was already there.
Thanks

[witch]

Me too - help, someone?

[DrPerceptron]

Understanding Trusts: Active Directory

Technet is somewhere I've found a starting point for anything I've done, it generally walks you through pretty much every step that's there and explains it all too.

[jamesb]

I'm slightly confused, are we talking about trusts between domains in different forests here, or is there some sort of trust you can set up between individual servers?

[steve_nfi]

It's a trust between 2 servers on different domains. Not in different countries or parts of the country but standing next to each other. Users on one domain need access to certain parts of the other.

[FN-GM]

It's a trust between 2 servers on different domains. Not in different countries or parts of the country but standing next to each other. Users on one domain need access to certain parts of the other.

You will have to trust the whole domain not just one server. I have done it myself and its pretty easy. Are the Domains on the same LAN?

[jamesb]

As FN says, it is fairly easy but it does have to be trust of the whole domain.

Or rather you have to set up a domain trust, then you can choose which assets from the foreign domain are trusted to access which resources, almost in the same way as you would with your own users.

[steve_nfi]

The Admin network is setup a Vlan. Would this make a difference? Its fine for the trust to be for the whole domain.

[witch]

The info provided only mentions server 2000 and server 2003. Our trust would be between a server 2003 and server 2008

Basically we need to be able to access SIMS which is on our admin network for the VLE and parental engagement, registration and the like. Our new server will be 2008, the admin one is 2003.
Will the 2003 instructions work for both?

[jamesb]

What're the domain levels of the two domains?

http://technet.microsoft.com/en-us/l.../cc816837.aspx - you can create a trust between a 2008 and a 2003 domain.

[steve_nfi]

Mine are 2000 for the admin network and 2003 for the curriculum. Hopefully later this year they will both be 2003. A bit behind the times here.

[witch]

What're the domain levels of the two domains?

Sorry, I don't know what that means

[DrPerceptron]

I do believe if you right click your domains in Active Directory Users and Computers (or Domains and Trusts) you can choose a "Domain Functional Level" from the menu and that should tell you.

[Michael]

Chances are if you don't know the domain level, it'll be the default which is '2000 Mixed'. Setting up trusts are fairly straight forward, but in the longterm I would look at merging the admin domain (typically very small) with the curriculum domain.

With NTFS permissions and security groups, locking down shares is straight forward. It's not like the Windows 9x days where security was more of an issue. The other advantage (in my experience) is less administrative time involved. Only one Sophos AV and WSUS setup required instead of two (one for each domain).

[sted]

Chances are if you don't know the domain level, it'll be the default which is '2000 Mixed'. Setting up trusts are fairly straight forward, but in the longterm I would look at merging the admin domain (typically very small) with the curriculum domain.

With NTFS permissions and security groups, locking down shares is straight forward. It's not like the Windows 9x days where security was more of an issue. The other advantage (in my experience) is less administrative time involved. Only one Sophos AV and WSUS setup required instead of two (one for each domain).

setting up the trust is easy if you have admin access to both domains and the networks are in some way connected.

id love to merge the networks but there are certain admin progs that have to be run on a x.x.even.100 whereas curric is x.x.odd.x so certain stuff would fail and in most of the schools i support i ONLY do curriculum (well in theory most admin support contracts (leeds atm is a joke for this) are pants and i end up doing everything but sims) i have one school where the lea's isp have installed a sisko (arrrggghhhhh) wireless setup (needs a gpo applied and a certificate ffs its a primary school not a bank) and the head keeps on at me to put her laptop on it (i had no involvement in the setup i just know how to connect domain pcs). That school also intend to run sims on curric pcs from september via a trust it does work as ive done it elsewhere (just badly as the lea set up sisko router between the networks only allows the top 32 ips to see the admin network) so i have to find the mac address of all the staff laptops and install sims via a trust (though i think ill just create a script to copy the sims inst dir to my server) that atm is only one way (to curriculum) and i have no access to admin fun aint it

as to sophos id rather have no av it would fix as many problems and wouldnt cripple pcs performance lol