Networks

The W2k Server is on it's own subnet. The W2003 Server on it's own subnet. The W2k server is a DC for the Single forest single domain and runs DNS and Active directory for that forest and single domain. The W2003 server is a DC for it's forest and single domain and runs DNS and Active directory. You then configure the trust relationships between the domains in Active Directory domains and trusts.

thanks for the info!

"the DNS zone can not be non contingous domain name space e.g. microsoft.com and msn.com each one of those domain names require a seperate DNS zone in DNS. one for microsoft.com and one for msn.com. You would have 2 SOA records, 2 foward lookup zones blah blah for the 2 seperate domain names."

Ok, so on both my domain controllers, which are both in separate forrests, I need 2 zones. One for itself, and the other for the domain controller in the other forrest (secondary zone). Is that correct?

I have created both forward and reverse lookup zones for both DC's in both forrests. So in DNS I will have a total of 2 forward and 2 reverse zones per machine.

I have gone to the properties of each zone and added the secondary name server in the name server tab - as well as "allow zone transfers" ticked.

If I go into my event log on 1 machine I am getting this:
Zone transfer request for secondary zone myservers.local refused by master server at 192.168.1.3. Check the zone at the master server 192.168.1.3 to verify that zone transfer is enabled to this server.

Ive checked the dns server on 192.168.1.3 and Ive enabled zone transfers.

This is where I got stuck the other day. I dont think I should be touching Active directory domains and trusts before DNS is working nicely. any other ideas? Is what I have done correct thus far?>

Bfilm is right in that the forest is the security boundry in that when you first create the first domain in Active Directory, your really creating a "forest" even if there is only 1 domain within the forest. That way there is scalibility where you can add domains [and if needed child domains] to the forest later on as the business grows or you need to seperate out functional business units to have its own domain [a security boundry within the forest]. Even though there is a transitive 2 way trust between the root and the child, you can filter user access to resources between domains within the forest.