General discussion

Locked

Adding a WIN2K server to NT 4

By lnewton ·
How do you set up the Trust environment for a Win2K standalone server in a Windows NT 4.0 server environment?

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Adding a WIN2K server to NT 4

by CG IT In reply to Adding a WIN2K server to ...

What do you mean W2K stand-a-lone server? What kind of server? PDC? Web? Exchange? ISA? SQL? If the W2K server will be a domain controller [???] it's gotta run in Mixed mode.

Collapse -

Adding a WIN2K server to NT 4

by lnewton In reply to Adding a WIN2K server to ...

Poster rated this answer

Collapse -

Adding a WIN2K server to NT 4

by lnewton In reply to Adding a WIN2K server to ...

The server will be used as just a file server. It will not be a PDC or BDC.
The error is; "the trust relationship cannot be established between......"

Collapse -

Adding a WIN2K server to NT 4

by bb11772 In reply to Adding a WIN2K server to ...

Depending on your current setup, likely you will have to setup the Win2K in mixed mode if you choose AD at all. During setup of Active Directory (AD), it will ask you what environment you choose. Native or Mixed. Once you go native, you can't go back. If you have to stay in mixed mode, the NT boxes will handle all security control for itselves and any other non-native computers within the AD environment. It will lso setup the global catalog server, whichi contains all the security and rights permissions. It's simmular to the SAM's found locally on each machine.

AD functionality centers around Multiple and/or Single Master Operations allowing for replication of security and resources information which is the strengths of the AD schema. There are five main masters: Schema Master; Domain Naming Master; RID Master; Primary Domain Controller Emulator; Infrastructure Operations Master.

Installing Active Directory on the standalone in a mixed environment by default becomes the Emulator. It also becomes the other masters by default except for the Primary Naming Master if a PDC already exists. Only native computers can a master.

Collapse -

Adding a WIN2K server to NT 4

by bb11772 In reply to Adding a WIN2K server to ...

The AD Client Extension allows 95/98/NT 4.0 computers to only support: it allows for Site Awareness to reduce network traffic;AD Services Interface (ADSI) for a programming scripting language which allows native and mixed modes mesh seemlessley for object and serives communication
it provides a DFS fault tolerance client for AD Clients allowing access to the fault-tolerant file shares specified within the schema; it also gives access to the AD Windows address book property pages allowing users whom have the permission to access to the properties on objects within AD; and provides NTLM v2 authentication to clients if needed for higher security process capabilities.

AD Clients can't take advantage of: KAP (Kerberos Authorization Protocol); Group Policy Support; IPSec & L2TP; or SPN (Service Principal Name or mutual authentication).

A 1-Way Trust means only one path is secure for communication link between domains which are secured communications, while a 2-Way Trust means both secured paths going in oposite directions between two domains are Trusted.
A Transitive Trust means that the trust relationship extended to one domain is automatically done to all other domains that trust that domain. A 2-Way Transitive Trust means that the turst relationship extedned to one domain is automatically extended out to all other domains that trust that domain and is the default between 2k domains in the forest.

Thats in very litely.

Ben

Collapse -

Adding a WIN2K server to NT 4

by bb11772 In reply to Adding a WIN2K server to ...

I knew that too. Saw it after I got ready to post. Dang this AD/HD sometimes!

Ben

Collapse -

Adding a WIN2K server to NT 4

by lnewton In reply to Adding a WIN2K server to ...

Poster rated this answer

Collapse -

Adding a WIN2K server to NT 4

by TechKid In reply to Adding a WIN2K server to ...

The above answer was a very well done presentation. However, the explanation of your error message is really much more simple.

Trusts are setup to link 2 separate domains. Since your W2K server is not in a domain nor is it a domain controller, notrust can be established.

Simple solution is to join the W2K server to the NT domain.

Collapse -

Adding a WIN2K server to NT 4

by lnewton In reply to Adding a WIN2K server to ...

All the comments were good, although explanations of Trust were a little drawn out. I figured out the problem and all is well.
Thanks to all who submitted. It's good to know there's help when you need it!!!!

Collapse -

Adding a WIN2K server to NT 4

by lnewton In reply to Adding a WIN2K server to ...

This question was closed by the author

Back to Networks Forum
10 total posts (Page 1 of 1)  

Related Discussions

Related Forums