why can't you just use stub zones or conditional forwarding for this to work?

or if NetBT is involved, can you just configure your wins servers to
replicate? I thought wins replication had nothing to do with NT
security. you just enter the ip of the partner servers...

Thanks

On 8/9/05, Rick Kingslan <[EMAIL PROTECTED]> wrote:
> Really, it uses neither.  The NetBT is involved, but because we are on (at
> present) untrusted domains and forests, WINS isn't going to work.
> 
> Typically, this is done with an LMHosts file in the \Drivers\ETC directory.
> The records are going to be very specific, as they will define the domain of
> the target domain, as well as (typically) the PDC for the target.  A
> 'mirror' LMHosts will be set up on the other trusting side.
> 
> As noted, the format of the records is specific, and can be found here:
> 
> http://support.microsoft.com/kb/180094/
> 
> And take SPECIAL NOTE that the DOMAIN-NAME records must be EXACTLY as
> defined, otherwise they will not work.
> 
> Good luck - it's not daunting, but can be tedious to get working the first
> time.
> 
> Rick
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
> Sent: Tuesday, August 09, 2005 5:58 AM
> To: ActiveDir@mail.activedir.org
> Subject: Re: [ActiveDir] AD migration
> 
> Sorry to keep harping- but if you have a trust between a child win2k
> domain in one forest with a root or child domain in another forest,
> does this use wins or dns?
> i know this is not a "real" forest trust and more like an external
> trust in that it's not transitive and uses ntlm and NOT kerberos, but
> does it also rely on wins/netbios like an old NT-style trust?
> 
> thanks
> 
> On 8/8/05, Tom Kern <[EMAIL PROTECTED]> wrote:
> > I just started today so what I got was-
> > they have connectivity to the child dns server but they cut off
> > connectivity to anything in the root domain.
> > the firewall is blocking all root traffic.
> > this has been like this for a week.
> > nothing is replicating to the root and there is no access to the _msdc
> > forest zone.
> >
> > The forest is win2k native with an empty root and 1 child domain in a
> > separate tree.
> > they have DA access in the child domain but no DA/EA access in the root.
> > all the exchange servers(about 10) are in the child domain.
> > the only recipient policy in the root is the default one and the enterprise RUS.
> >
> >
> > They want to migrate the child domain and all the resources to a new
> > forest where we have full control of everything.
> > i assume we do not need connectivity to the _msdc forest dns zone to
> > create a trust with the old child domain to migrate everything over(or
> > anything in the root dns zone).
> >
> > I'm not 2nd guessing the Quest guys, this is only for my own education.
> >
> > Thanks a lot
> >
> >
> > On 8/8/05, Medeiros, Jose <[EMAIL PROTECTED]> wrote:
> > > I am sure Quest's consultants know what they are doing. Didn't you have them put a quote and migration plan together prior to the actual migration? Or are you asking these questions because you are second guessing them? Or is this just for your own knowledge?
> > >
> > > My understanding is that both domain names have to be different when using ADMT to migrate from a Source Domain to a Target Domain, unless Quest has a tool that overcomes this that I am not aware of. Are you trying to keep the same domain name as the source? Microsoft also has a free tool that will allow you to rename the target 2003 AD domain after you have completed your migration and decommissioned old DCs.
> > >
> > > Jose
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] Behalf Of Almeida Pinto,
> > > Jorge de
> > > Sent: Monday, August 08, 2005 2:46 PM
> > > To: ActiveDir@mail.activedir.org; activedirectory
> > > Subject: RE: [ActiveDir] AD migration
> > >
> > >
> > > What do you mean with "In fact, they are cut off from the root domain physically."? Do you mean as in there is no replication between the two domains? If yes... dare I ask for how long?
> > >
> > > As far as I know you can migrate the child domain without the root being available because you will be having a trust between the new domain and the child domain.
> > >
> > > I still don't understand what you mean... They are cut off from the root and the DNS is available in the root. I must be missing something. Can you explain a bit more?
> > >
> > > Jorge
> > >
> > > ________________________________
> > >
> > > From: [EMAIL PROTECTED] on behalf of Tom Kern
> > > Sent: Mon 8/8/2005 11:08 PM
> > > To: activedirectory
> > > Subject: [ActiveDir] AD migration
> > >
> > >
> > >
> > > I just started working for a company. they used to outsource their
> > > AD/Exchange but now they're trying to get it back.
> > >
> > > It's a 2 tree, 2 domain forest. the root domain is empty.
> > > this company only has DA access on the child domain. No EA access. In
> > > fact, they are cut off from the root domain physically.
> > >
> > > What they want to do is create a new forest and migrate all
> > > users,exchange,computers,etc to the new forest and be done with the
> > > old.
> > > They are going to use Quest sw and a consultant from Quest for this.
> > >
> > > My question is- can this be done without any connectivity to the root?
> > > both dns zones are in the root so they really don't have any dns
> > > locally as well(needless to say, you can imagine what the rep logs
> > > look like). I'm sure this complicates matters.
> > > however, the Quest people seem to think this can still work.
> > > can it?
> > >
> > > also, can the new forest have the same domain names as the old one?
> > >
> > > Thanks(I'm the guy who posted about his new job jitters about a week
> > > or 2 ago, and here i am. Their AD is more messed up than I thought :)
> > > )
> > > List info   : http://www.activedir.org/List.aspx
> > > List FAQ    : http://www.activedir.org/ListFAQ.aspx
> > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> > >
> > >
> >
>
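
Added example (not part of the original thread or of Rick's message): a small Python checker for the LMHosts trust records Rick describes. The layout it checks is an assumption based on the KB 180094 format, namely a `#PRE #DOM:` line for the PDC plus a quoted domain record of exactly 20 characters (name padded to 15, then `\0x1b`); the host names and addresses are constructed placeholders.

```python
import re

# Assumed record layout (KB 180094 style; not quoted in the thread itself):
#   <ip>  <PDC>  #PRE  #DOM:<domain>
#   <ip>  "<domain padded to 15 chars>\0x1b"  #PRE
QUOTED = re.compile(r'^\s*\S+\s+"([^"]*)"\s*(.*)$')
PLAIN = re.compile(r'^\s*\S+\s+\S+\s*(.*)$')

def domain_record(ip, domain):
    """Build the quoted 0x1b record with correct padding."""
    return f'{ip}  "{domain.upper().ljust(15)}\\0x1b"  #PRE'

def check_lmhosts(text):
    """Return (line_number, problem) pairs; line 0 means file-level."""
    problems, dom_names, special_names = [], set(), set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        quoted = QUOTED.match(line)
        if quoted:
            name, tags = quoted.group(1), quoted.group(2).upper().split()
            # 15 name characters + the 5 literal characters \0x1b = 20
            if len(name) != 20:
                problems.append((n, f"quoted name is {len(name)} chars, need 20"))
            elif name[15:].lower() != "\\0x1b":
                problems.append((n, "quoted name must end in \\0x1b"))
            else:
                special_names.add(name[:15].rstrip().upper())
            if "#PRE" not in tags:
                problems.append((n, "missing #PRE"))
            continue
        plain = PLAIN.match(line)
        tags = plain.group(1).upper().split() if plain else []
        for tag in tags:
            if tag.startswith("#DOM:"):
                dom_names.add(tag[5:])
                if "#PRE" not in tags:
                    problems.append((n, "#DOM record without #PRE"))
    for missing in sorted(dom_names - special_names):
        problems.append((0, f"no valid 0x1b record for domain {missing}"))
    return problems

# Constructed sample: names and addresses are placeholders.
SAMPLE = "\n".join([
    "192.0.2.10  OLDPDC01  #PRE  #DOM:OLDCHILD",
    domain_record("192.0.2.10", "OLDCHILD"),
    "192.0.2.20  NEWPDC01  #PRE  #DOM:NEWCORP",
    '192.0.2.20  "NEWCORP \\0x1b"  #PRE',   # padding too short
])
```

Running `check_lmhosts(SAMPLE)` flags the short-padded NEWCORP record on line 4 and reports that NEWCORP has no usable 0x1b entry, which is the "must be EXACTLY as defined" failure in practice.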