RE: How to create a trust?
We have one external trust set up between two forests. Although we do still have WINS (we'll see how long that lasts...) I didn't have to use it to get the trust setup. DNS alone is not enough, but correctly configured lmhosts files on the two PDC emulators that establish the trust will do the job. That may not be enough to actually USE the trusted resources across both domains completely though--we only want them available on specific servers, so that is what we have defined. I remember needing either (or maybe both) the 0x1b and 0x1c records, as well as defining the DC on the other end of the trust. I can pull a copy if anyone needs the format-let me know. -Bonnie From: [EMAIL PROTECTED] [EMAIL PROTECTED] Sent: Friday, November 14, 2008 9:37 AM To: NT System Admin Issues Subject: Re: How to create a trust? Interesting! Does this mean, then, for a trust to work better, WINS servers should be running at each domain? -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/14/2008 09:08:39 AM: On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob [EMAIL PROTECTED] wrote: Creating trusts is generally also dependent on short-name(NetBios) Ah. Doesn't surprise me. Good to know. :) NetBios is not as dead as some would have you think. Yah. Microsoft keeps says NetBIOS is decreated, but then you run across MSKB articles saying such and such won't work if NetBIOS is disabled. I suspect NetBIOS is never going to go away completely. NetBIOS's naming protocols are built-in to Windows in some rather core places. In particular, the security subsystem and SMB. Historically, Microsoft has not had much luck upgrading that stuff. I suspect that code is so old and poorly written (some of dates back to Win 3.x!) nobody is left who understands what it all does. By all appearances, AD couples on to those things, rather than replacing them. Usually the UI hides all this, but the old stuff still pokes through on occasion, in error messages, the registry, and so on. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob [EMAIL PROTECTED] wrote: Creating trusts is generally also dependent on short-name(NetBios) Ah. Doesn't surprise me. Good to know. :) NetBios is not as dead as some would have you think. Yah. Microsoft keeps says NetBIOS is decreated, but then you run across MSKB articles saying such and such won't work if NetBIOS is disabled. I suspect NetBIOS is never going to go away completely. NetBIOS's naming protocols are built-in to Windows in some rather core places. In particular, the security subsystem and SMB. Historically, Microsoft has not had much luck upgrading that stuff. I suspect that code is so old and poorly written (some of dates back to Win 3.x!) nobody is left who understands what it all does. By all appearances, AD couples on to those things, rather than replacing them. Usually the UI hides all this, but the old stuff still pokes through on occasion, in error messages, the registry, and so on. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
Interesting! Does this mean, then, for a trust to work better, WINS servers should be running at each domain? -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/14/2008 09:08:39 AM: On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob [EMAIL PROTECTED] wrote: Creating trusts is generally also dependent on short-name(NetBios) Ah. Doesn't surprise me. Good to know. :) NetBios is not as dead as some would have you think. Yah. Microsoft keeps says NetBIOS is decreated, but then you run across MSKB articles saying such and such won't work if NetBIOS is disabled. I suspect NetBIOS is never going to go away completely. NetBIOS's naming protocols are built-in to Windows in some rather core places. In particular, the security subsystem and SMB. Historically, Microsoft has not had much luck upgrading that stuff. I suspect that code is so old and poorly written (some of dates back to Win 3.x!) nobody is left who understands what it all does. By all appearances, AD couples on to those things, rather than replacing them. Usually the UI hides all this, but the old stuff still pokes through on occasion, in error messages, the registry, and so on. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
On Fri, Nov 14, 2008 at 12:37 PM, [EMAIL PROTECTED] wrote: Does this mean, then, for a trust to work better, WINS servers should be running at each domain? That appears to be the suggestion. I'd start with DNS, because it should be relatively easy to get both domains resolving each other. Merging NetBIOS namespaces is likely to be rather more involved. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: How to create a trust?
To *establish* the trust you generally need to have short-name resolution. Only 2 Windows 2003 Full Native Mode Forests can establish a trust using Kerberos. All other trusts will use NTLM, hence you need NetBIOS name resolution. You don't have to have WINS, LMHOSTS files also work. I do have a config where an external trust also includes replicating WINS partners between the organizations for legacy support of some really old applications but it's definitely not required. It does make working with the trust simpler but I have also gone the LMHOSTS route before. I sure wouldn't suggest installing WINS just for the purpose of establishing the trust. I don't recall all the details of your dilemma but one hopes that the NetBIOS names of your domains are different...That has bitten people in the arse before -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2008 9:37 AM To: NT System Admin Issues Subject: Re: How to create a trust? Interesting! Does this mean, then, for a trust to work better, WINS servers should be running at each domain? -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/14/2008 09:08:39 AM: On Thu, Nov 13, 2008 at 2:45 PM, Free, Bob [EMAIL PROTECTED] wrote: Creating trusts is generally also dependent on short-name(NetBios) Ah. Doesn't surprise me. Good to know. :) NetBios is not as dead as some would have you think. Yah. Microsoft keeps says NetBIOS is decreated, but then you run across MSKB articles saying such and such won't work if NetBIOS is disabled. I suspect NetBIOS is never going to go away completely. NetBIOS's naming protocols are built-in to Windows in some rather core places. In particular, the security subsystem and SMB. Historically, Microsoft has not had much luck upgrading that stuff. I suspect that code is so old and poorly written (some of dates back to Win 3.x!) nobody is left who understands what it all does. By all appearances, AD couples on to those things, rather than replacing them. Usually the UI hides all this, but the old stuff still pokes through on occasion, in error messages, the registry, and so on. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
Ah, finally, a reply - thanks! From my (IL) network, an NYC DomainAdmin opens a remote session on an NYC DomainController. We then did just as Microsoft (and you) said - the Properties tab of the NYC domain's AD DT tool. At the moment, the Big Boss says to back off creating the trust until he can have some consultants around to hold our hands, so the next attempt will be several weeks from now. Whatever, though, should both domains have started off with a DNS A record pointing to each other's domains? It seems to be obvious, the the MS How to... neglected that. Thanks again! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/12/2008 10:38:59 PM: On Wed, Nov 12, 2008 at 1:59 PM, [EMAIL PROTECTED] wrote: ANYWAY, the help file says to select External Trust for trust type. We seem to have no such option - only Realm trust or Trust with a Windows domain. Neither works. What are you doing to get to where you're seeing that? As I recall, it's all under the Active Directory Domains and Trusts tool, right-click the domain object icon itself, do Properties, and it's one of the tabs. (Don't have a box to test on where I am now.) You add the other domain on each domain so they can trust each other. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
Either that or have it in both the LMHOST and HOST files. They are fragile at least mine have been but then if you are not monkeying with DNS a lot they work well. One thing I have found is it is best if both are at the same functional and domain levels but then I am in a University settiing and things get changed more in that setting from my experience. Jon On Thu, Nov 13, 2008 at 8:15 AM, [EMAIL PROTECTED] wrote: Ah, finally, a reply - thanks! From my (IL) network, an NYC DomainAdmin opens a remote session on an NYC DomainController. We then did just as Microsoft (and you) said - the Properties tab of the NYC domain's AD DT tool. At the moment, the Big Boss says to back off creating the trust until he can have some consultants around to hold our hands, so the next attempt will be several weeks from now. Whatever, though, should both domains have started off with a DNS A record pointing to each other's domains? It seems to be obvious, the the MS How to... neglected that. Thanks again! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/12/2008 10:38:59 PM: On Wed, Nov 12, 2008 at 1:59 PM, [EMAIL PROTECTED] wrote: ANYWAY, the help file says to select External Trust for trust type. We seem to have no such option - only Realm trust or Trust with a Windows domain. Neither works. What are you doing to get to where you're seeing that? As I recall, it's all under the Active Directory Domains and Trusts tool, right-click the domain object icon itself, do Properties, and it's one of the tabs. (Don't have a box to test on where I am now.) You add the other domain on each domain so they can trust each other. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
Thanks! I was tempted(!) to raise the NYC functional level but was too much in fear for the Big Boss (officed next door to the UberBig Boss). -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Jon Harris [EMAIL PROTECTED] wrote on 11/13/2008 07:32:07 AM: Either that or have it in both the LMHOST and HOST files. They are fragile at least mine have been but then if you are not monkeying with DNS a lot they work well. One thing I have found is it is best if both are at the same functional and domain levels but then I am in a University settiing and things get changed more in that setting from my experience. Jon On Thu, Nov 13, 2008 at 8:15 AM, [EMAIL PROTECTED] wrote: Ah, finally, a reply - thanks! From my (IL) network, an NYC DomainAdmin opens a remote session on an NYC DomainController. We then did just as Microsoft (and you) said - the Properties tab of the NYC domain's AD DT tool. At the moment, the Big Boss says to back off creating the trust until he can have some consultants around to hold our hands, so the next attempt will be several weeks from now. Whatever, though, should both domains have started off with a DNS A record pointing to each other's domains? It seems to be obvious, the the MS How to... neglected that. Thanks again! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/12/2008 10:38:59 PM: On Wed, Nov 12, 2008 at 1:59 PM, [EMAIL PROTECTED] wrote: ANYWAY, the help file says to select External Trust for trust type. We seem to have no such option - only Realm trust or Trust with a Windows domain. Neither works. What are you doing to get to where you're seeing that? As I recall, it's all under the Active Directory Domains and Trusts tool, right-click the domain object icon itself, do Properties, and it's one of the tabs. (Don't have a box to test on where I am now.) You add the other domain on each domain so they can trust each other. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
On Thu, Nov 13, 2008 at 8:15 AM, [EMAIL PROTECTED] wrote: We then did just as Microsoft (and you) said - the Properties tab of the NYC domain's AD DT tool. On my Win 2K servers, that's where I would go. Let's suppose you have domains foo.example.com and bar.example.com. 1. Log in to a computer on domain foo.example.com using an account with domain admin rights 2. Open Active Directory Domains and Trusts 3. Right-click the domain icon, choose Properties 4. Trusts tab. There are two lists: Domains trusted by this domain and Domains that trust this domain. 5. Click Add for trusted by 6. Enter the domain name bar.example.com, and a password for the trust. 7. Repeat steps 5 and 6 for the trust this list 8. Repeat steps 1 through 7 on domain bar.example.com, targeting domain foo.example.com Don't enter the angle-brackets, if that isn't obvious. :) The trust password is just a shared secret unique to the trust, not a domain admin account password or anything else. Whatever, though, should both domains have started off with a DNS A record pointing to each other's domains? You will need DNS working for both domains in both domains for AD to work properly. However, I believe just adding an A record will not do it. All the docs say AD uses SRV records to locate DCs, and I've never seen anything that leads me to think otherwise. Your best bet is to make sure each domain can fully resolve all DNS records in the other domain. If the domains share a common parent domain, that can be done by making sure delegations (NS records) exist for each subdomain, and that those NS records are returned in each domain. However, that won't work if the domains are private and don't share their DNS infrastructure. If that's the case, and you're running Windows 2003 for DNS, you can configure your DNS servers for each one to forward queries for the specific domains to the DNS servers for the other domain. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
I think the last line says it all, and we'll do that next time. Again, I think some of the snags (in addition to that last line) are because, although NYC has 4 Win2003 DCs, their functional level still shows as Win2000. Our level is at Win2003 which NYC must change. As to proper AD functionality w/SRV, DNS, etc, well, we gotta get the trust set up first. Thanks, this is great! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org Ben Scott [EMAIL PROTECTED] wrote on 11/13/2008 07:59:35 AM: On Thu, Nov 13, 2008 at 8:15 AM, [EMAIL PROTECTED] wrote: We then did just as Microsoft (and you) said - the Properties tab of the NYC domain's AD DT tool. On my Win 2K servers, that's where I would go. Let's suppose you have domains foo.example.com and bar.example.com. 1. Log in to a computer on domain foo.example.com using an account with domain admin rights 2. Open Active Directory Domains and Trusts 3. Right-click the domain icon, choose Properties 4. Trusts tab. There are two lists: Domains trusted by this domain and Domains that trust this domain. 5. Click Add for trusted by 6. Enter the domain name bar.example.com, and a password for the trust. 7. Repeat steps 5 and 6 for the trust this list 8. Repeat steps 1 through 7 on domain bar.example.com, targeting domain foo.example.com Don't enter the angle-brackets, if that isn't obvious. :) The trust password is just a shared secret unique to the trust, not a domain admin account password or anything else. Whatever, though, should both domains have started off with a DNS A record pointing to each other's domains? You will need DNS working for both domains in both domains for AD to work properly. However, I believe just adding an A record will not do it. All the docs say AD uses SRV records to locate DCs, and I've never seen anything that leads me to think otherwise. Your best bet is to make sure each domain can fully resolve all DNS records in the other domain. If the domains share a common parent domain, that can be done by making sure delegations (NS records) exist for each subdomain, and that those NS records are returned in each domain. However, that won't work if the domains are private and don't share their DNS infrastructure. If that's the case, and you're running Windows 2003 for DNS, you can configure your DNS servers for each one to forward queries for the specific domains to the DNS servers for the other domain. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
R: How to create a trust?
Add the DNS of the trusted domain as secondary zone and ask it will allow to download the zone GuidoElia HELPPC -Messaggio originale- Da: Ben Scott [mailto:[EMAIL PROTECTED] Inviato: giovedì 13 novembre 2008 15.00 A: NT System Admin Issues Oggetto: Re: How to create a trust? On Thu, Nov 13, 2008 at 8:15 AM, [EMAIL PROTECTED] wrote: We then did just as Microsoft (and you) said - the Properties tab of the NYC domain's AD DT tool. On my Win 2K servers, that's where I would go. Let's suppose you have domains foo.example.com and bar.example.com. 1. Log in to a computer on domain foo.example.com using an account with domain admin rights 2. Open Active Directory Domains and Trusts 3. Right-click the domain icon, choose Properties 4. Trusts tab. There are two lists: Domains trusted by this domain and Domains that trust this domain. 5. Click Add for trusted by 6. Enter the domain name bar.example.com, and a password for the trust. 7. Repeat steps 5 and 6 for the trust this list 8. Repeat steps 1 through 7 on domain bar.example.com, targeting domain foo.example.com Don't enter the angle-brackets, if that isn't obvious. :) The trust password is just a shared secret unique to the trust, not a domain admin account password or anything else. Whatever, though, should both domains have started off with a DNS A record pointing to each other's domains? You will need DNS working for both domains in both domains for AD to work properly. However, I believe just adding an A record will not do it. All the docs say AD uses SRV records to locate DCs, and I've never seen anything that leads me to think otherwise. Your best bet is to make sure each domain can fully resolve all DNS records in the other domain. If the domains share a common parent domain, that can be done by making sure delegations (NS records) exist for each subdomain, and that those NS records are returned in each domain. However, that won't work if the domains are private and don't share their DNS infrastructure. If that's the case, and you're running Windows 2003 for DNS, you can configure your DNS servers for each one to forward queries for the specific domains to the DNS servers for the other domain. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
On Thu, Nov 13, 2008 at 9:31 AM, [EMAIL PROTECTED] wrote: Again, I think some of the snags (in addition to that last line) are because, although NYC has 4 Win2003 DCs, their functional level still shows as Win2000. Our level is at Win2003 which NYC must change. I've never tried it, but I'm not so sure functional levels need to match between domains for external trusts between AD domains. I say that mainly because I *have* created trusts between an AD domain and an NTLM domain, which are *very* different beats, and that certainly worked fine. I wouldn't expect the trust mechanism to allow that, but then be pickier about AD-AD trusts. Then again, I've seen stupider limitations. As to proper AD functionality w/SRV, DNS, etc, well, we gotta get the trust set up first. That may not be possible. I think you need to have DNS working properly in order to establish the trust. AD uses DNS to find DCs. Without proper DNS, the one domain's DCs will not be able to find the other domain's DCs. If the DCs cannot talk, the trust isn't going to be very useful, even if you manage to create it. I'm checking my usual sources (Minasi, Lowe-Norris, Crawford, Google), and I can't find anything that says AD trusts definitely will not work without proper DNS. But do find lots of recommendations to have DNS working properly. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: How to create a trust?
Creating trusts is generally also dependent on short-name(NetBios) resolution as well as the other obvious requirements. Often after people have fought creating a trust for some time and employ LMHOST files (or WINS) it magically works... NetBios is not as dead as some would have you think. There are several MSKB articles about trust creation failing in the absense of shortname resolution. Good summary in this article- http://www.windowsdevcenter.com/pub/a/windows/2004/05/11/netbios.html -Original Message- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2008 9:26 AM To: NT System Admin Issues Subject: Re: How to create a trust? On Thu, Nov 13, 2008 at 9:31 AM, [EMAIL PROTECTED] wrote: Again, I think some of the snags (in addition to that last line) are because, although NYC has 4 Win2003 DCs, their functional level still shows as Win2000. Our level is at Win2003 which NYC must change. I've never tried it, but I'm not so sure functional levels need to match between domains for external trusts between AD domains. I say that mainly because I *have* created trusts between an AD domain and an NTLM domain, which are *very* different beats, and that certainly worked fine. I wouldn't expect the trust mechanism to allow that, but then be pickier about AD-AD trusts. Then again, I've seen stupider limitations. As to proper AD functionality w/SRV, DNS, etc, well, we gotta get the trust set up first. That may not be possible. I think you need to have DNS working properly in order to establish the trust. AD uses DNS to find DCs. Without proper DNS, the one domain's DCs will not be able to find the other domain's DCs. If the DCs cannot talk, the trust isn't going to be very useful, even if you manage to create it. I'm checking my usual sources (Minasi, Lowe-Norris, Crawford, Google), and I can't find anything that says AD trusts definitely will not work without proper DNS. But do find lots of recommendations to have DNS working properly. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
How to create a trust?
Greetings! There exists a dedicated T1 between my network and company HQ in NYC. We really should have created a trust long ago, but... Anyway, a domain admin from NYC is here and logged into an NYC DC. We're unable to create a trust. The on-line instructions (such as menus, what tabs to see, etc) do not seem to apply. FWIW, we are at functional level Win2003 native; they are at Win2000 native. ANYWAY, the help file says to select External Trust for trust type. We seem to have no such option - only Realm trust or Trust with a Windows domain. Neither works. What do we seem to be missing? Thanks! -- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: How to create a trust?
On Wed, Nov 12, 2008 at 1:59 PM, [EMAIL PROTECTED] wrote: ANYWAY, the help file says to select External Trust for trust type. We seem to have no such option - only Realm trust or Trust with a Windows domain. Neither works. What are you doing to get to where you're seeing that? As I recall, it's all under the Active Directory Domains and Trusts tool, right-click the domain object icon itself, do Properties, and it's one of the tabs. (Don't have a box to test on where I am now.) You add the other domain on each domain so they can trust each other. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~