General discussion

  • Creator
  • #2291924

    2003 server trusting 2000 server users


    by toddah ·

    Hi All,
    I am trying to establish a one way trust to allow AD users (W2K based)in one forest to authenticate on another domain server(W2K3 based)in another forest. I have them both set set up in each DNS and they can ping each other by FQDN. the problem is when I do the trust wizard on the 2003 box it comes back woth the following error.
    The trust relationship cannot be created because the following error occourred:
    The operation failed. The error is: The domain was in the wrong state to perform the security operation.
    Searched and searched and can’t find a clue as to what to look at to resolve this. any pointers would be great.

All Comments

  • Author
    • #3296612

      Just a thought

      by thewynn75 ·

      In reply to 2003 server trusting 2000 server users

      I am not real sure about a network with 2003 and 2000 servers but when you are in a 2000/NT environment you have to run the DC in mixed mode and not native. I am not sure if that even applies here but you may want to check if you need to run mixed mode.
      This could be way off but it is the first thing that I thought of.

    • #3295381

      2000 vs 2003

      by cogtek ·

      In reply to 2003 server trusting 2000 server users

      Windows 2K and 2003 have different AD structures.

      You can’t add a 2003 Server to a Domain until you perform a ADUpdate (/I386/Setup.exe /DomainPrep) on all 2000 DCs

      I know your working with 2 different Forests, but the fact still remains.
      The 2003 Server can’t communicate with the 2000 AD until you up the 2000 AD.

      Don’t think of this as a lite task.
      Research and prepare.
      Your messing with your entire infrastructure.

      Backup now. Backup often.

Viewing 1 reply thread