General discussion


External Trusts

By michael_stannes ·
I have two Win 2003 servers, a PDC and a member server. These are set up in their own AD forest, and are intended to run at Windows 2003 forest functional level. The PDC has two network cards, one for the subnet for the server
and PCs linked to them, and one to give an IP in
our 'old' network, which is an NT4 domain. It is not intended to introduce the old NT servers into the new domain, rather to build a new 2003 infrastructure, and move PCs/users across as necessary.
However, for access (during the migration) from the 2003 domain to print servers and other devices in the 'old' network, and for email forwarding from our old Exchange
5.5 system (we will be installing Exchange 2003 shortly, and gradually moving mailboxes across), we need the 2003 domain to trust the NT domain via an External Trust, so
that resources in the NT domain can be accessed during the migration process.

Three questions. One is - is the path described above a correct course to follow? Two - can external trusts to NT domains be created when the AD forest is running in Win 2003 native mode? Three - would it be better to run the member server as a BDC - there will be 70-80 clients over several sites?

many thanks

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to External Trusts

Question # 2. Can external trusts between a NT domain and a AD domain be established with the AD Domain running in native mode? Answer: NO
Mixed Mode only.

Question # 3. Would it be better to run the member server as a BDC. With an Active Directory environment, Domain Controllers replicate AD with each other. The terms primary and backup are misnomers as all DCs which replicate with each other have a copy of AD. There really isn't a "primary" pe se.[a built in safe fail over].

question # 1. is the path described above a correct course to follow? Well it's is one way to migrate. Is it the easiest way? Having 2 seperate domains not within the same domain namespace and each must access resources on each domain does require a trust between the 2. If users from one domain need to quit it and join the other domain, the computers have to quit, join a generic workgroup. then join the new domain. User accounts aren't migrated so new accounts will have to be made for each user that moves from one domain to the other. Even though a trust exsists, that trust is for sharing of resources not membership. Lotta work IMO.

I would follow the MS migration path from NT to a W2003 AD environment.

Collapse -

by michael_stannes In reply to

Many thanks.The reason for setting up what is effectively a seperate network is that I am the only IT support at a charity, and to upgrade our domain in one go would be too great a task. This way, I can gradually move users across over a period of about a year as I am combining the rollout of 2003 with a PC upgrade to XP machines and so existing users will be upgraded as well as linked to the new server.

Collapse -

by michael_stannes In reply to External Trusts

This question was closed by the author

Related Discussions

Related Forums