Windows Server 2008 Thread, Server 2008 AD issue across forest trust with Server 2003 R2 AD in Technical; We have 2 seperate Domains with a forest level trust. On one Domain we have 3 Server 2003 R2 DC's. ...
16th September 2008, 07:38 PM #1
- Rep Power
Server 2008 AD issue across forest trust with Server 2003 R2 AD
We have 2 seperate Domains with a forest level trust. On one Domain we have 3 Server 2003 R2 DC's. On the other Domain we have 1 Server 2008 DC. The trust works just fine as I can browse each Domain from the other, however I need to add user access to the shares on each Domain... I upgraded the 2003 R2 AD Schema to the 2008 AD Schema using adprep /forestprep, so that all the AD's have the same Schema. When I try to add a user to a share, I am able to change the Location to the other Domain, but my problem is that I cannot add a user to any shares from one Domain to the other Domain and vice-versa. Any advice would be appreciated.
IDG Tech News
16th September 2008, 08:37 PM #2
do you get any error messages? can you see any users from the other domain at all?
16th September 2008, 08:46 PM #3
- Rep Power
no errors at all. on a share, when i chose the sharing tab, or permissions and try to add a user from "Select Users, Computers or Groups", i can choose the other domain from the "Locations" button, but when i type in administrator (or any other user) and then select the "Check Name" button, I get "Name Not Found"
An object named "administrator" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection.
17th September 2008, 09:07 AM #4
What happens when you do a search with nothing typed in?
21st September 2008, 12:21 PM #5
Not 100% sure but won't you have to run your 2008DC in 2003 forest functional mode in order to keep forest compatibility
11th October 2008, 11:00 AM #6
Is the Trust in place and verified?
Just because it's there does not mean it's working.
I have had problems in the past establishing trusts between disparate domains.
The trick is to create an identical Domain Admin level account in both domains and use this to establish the domain trust.
I would also check/verify/re-establish the trust using this account.
Make sure the clocks are in sync between domains and the time zones match.
Be sure that each DC in each domain can ping each other by Name and IP.
Eg dc1.xyz.com > dc1.abc.com
If your DNS is not configured to do the lookups between your domains KDC,Keberos,LDAP all fail and you will not get the results you are expecting.
By pooley in forum Windows Server 2008
Last Post: 10th June 2008, 01:58 PM
By spik376 in forum MIS Systems
Last Post: 8th February 2008, 01:15 AM
By exsupport in forum Windows
Last Post: 6th October 2007, 11:30 AM
By starscream in forum Windows
Last Post: 3rd August 2007, 01:07 AM
By tosca925 in forum Windows
Last Post: 21st August 2005, 11:32 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)