General discussion

Locked

2003 server trusting 2000 server users

By toddah ·
Hi All,
I am trying to establish a one way trust to allow AD users (W2K based)in one forest to authenticate on another domain server(W2K3 based)in another forest. I have them both set set up in each DNS and they can ping each other by FQDN. the problem is when I do the trust wizard on the 2003 box it comes back woth the following error.
CANNOT CONTINUE:
The trust relationship cannot be created because the following error occourred:
The operation failed. The error is: The domain was in the wrong state to perform the security operation.
Searched and searched and can't find a clue as to what to look at to resolve this. any pointers would be great.

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Just a thought

by thewynn75 In reply to 2003 server trusting 2000 ...

I am not real sure about a network with 2003 and 2000 servers but when you are in a 2000/NT environment you have to run the DC in mixed mode and not native. I am not sure if that even applies here but you may want to check if you need to run mixed mode.
This could be way off but it is the first thing that I thought of.

Collapse -

2000 vs 2003

by cogtek In reply to 2003 server trusting 2000 ...

Windows 2K and 2003 have different AD structures.

You can't add a 2003 Server to a Domain until you perform a ADUpdate (/I386/Setup.exe /DomainPrep) on all 2000 DCs

I know your working with 2 different Forests, but the fact still remains.
The 2003 Server can't communicate with the 2000 AD until you up the 2000 AD.

Don't think of this as a lite task.
Research and prepare.
Your messing with your entire infrastructure.

Backup now. Backup often.

Back to IT Employment Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums