Question : Domain Trust - NT, W2k & Win2003

I have managed to setup three domains, the original being an NT, a secondary W2K domain and then a W2003 domain.

The problem I am having is that when I setup a PC to be homed to the W2003 domain and a user logs onto this PC into the W2003 domain, the system gives me an error stating that some mapped network drives are inaccessible. (I also get an "Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b)." autoenrollment error message in the application log which I am assuming is related.)* If I explore my way to the network drives that are disconnected (in the W2k domain) and click on them I am prompted for a password to gain access. If I reset the PC to be a member of the NT domain and then log into this NT domain, I do not get this mapping error. How do make it so that I don't get the error when logging into the W2003 domain?

I know this has something to do with the domain trusts. I did setup the original trust between the NT and W2K and that I assume is why these two domains do not have any problem "sharing" networked drives. What do I need to do to setup the trusts for the W2003 & W2K domains without impacting the W2003 to NT trust? (Id like to get rid of the NT domain, but need to get everyone logged into the W2003 without any mapping errors first.)

*I also get a Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. error every once in a while. I assume this is also related to this problem.

Thanks,
GH

Answer : Domain Trust - NT, W2k & Win2003

First, you need trust between the W2K3 and the W2K domains (assuming they're in different forests). AD Domains and Trusts on the Win2K3 DC, select the W2K3 domain in the left pane, right-click, choose New Trust. The wizard is self-explanatory from there. You'll need Domain Admin credentials on both domains. Make the trust one-way - Win2K domain is the trusting domain, Win2K3 is the trusted.

Second, one trust doesn't impact any others. This has no effect on any trusts you might have with the NT domain.

Third, trusts do not establish permissions. Check the permissions on the networked drives in the W2K domain - you may need to grant permissions to the Domain Users group in the W2K3 domain. Possibly not, since it sounds like anything other than anonymous is getting granted access if the NT accounts gain access simply through the trust.

The errors suggest you haven't set up DNS correctly. That's a whole 'nother bag of worms - see if you can sort the permissions first.

Random Solutions

VLAN setting for Data and VOIP which share same WAN port

Change WINS & DNS IP addresses

share document over the web

Open files locked by users in Novell

Internal Users connecting to server via its external IP instead of internal.

Strange hostname when i resolve IP

Network maping tool?

Change extension that external calls go to

Any way to find IP address knowing MAC address?