TRUSTS - 3 domains, 2 with the same netbios domain name. HELP!!!!

Discussion in 'Active Directory' started by CPiO, Jan 14, 2010.

  1. CPiO

    CPiO Guest

    Hi,

    I am banging my head against the wall with this one and really need some
    help....

    Scenario:-

    I have 3 AD domains as follows:-

    Domain 1
    AD namespace - uk.company.local
    netbios domain name = ukcompany
    2003 functional forest and domain

    Domain 2
    AD namespace - france.company.local
    netbios domain name = company **same as domain 3
    2000 functional forest and domain

    Domain 3
    AD namespace - spain.company.local
    netbios domain name - company **same as domain 2
    2000 functional forest and domain

    Is there any way that Domain 1 can create a Trust to domain 2 and domain 3
    when they both use the same netbios domain name. Domain 2 and domain 3 NEVER
    need to trust one another.

    Please help.....

    Many Thanks
     
    CPiO, Jan 14, 2010
    #1

  2. Hello CPiO,

    The NetBIOS name MUST be different to create a trust. So you have to rename
    one domain or migrate to a new domain with a different name. NO other option
    exists.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jan 14, 2010
    #2
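
A pre-flight check for the constraint stated in this answer, as an added example that is not part of the original thread: it takes the trusting domain and the planned trust partners and reports which partners share a NetBIOS name with another domain in the plan. The function name `Test-TrustNetBiosPlan`, the inventory objects and the renamed value `companyes` are hypothetical; the domain names are the ones given in the question.

```powershell
# Added example: flag NetBIOS name collisions in a planned set of trusts.
# The inventory below is constructed from the names in the question.
$trusting = [pscustomobject]@{ Dns = 'uk.company.local'; NetBIOS = 'ukcompany' }
$partners = @(
    [pscustomobject]@{ Dns = 'france.company.local'; NetBIOS = 'company' }
    [pscustomobject]@{ Dns = 'spain.company.local';  NetBIOS = 'company' }
)

function Test-TrustNetBiosPlan {   # hypothetical helper, not a built-in cmdlet
    param(
        [Parameter(Mandatory)] [object]   $TrustingDomain,
        [Parameter(Mandatory)] [object[]] $Partners
    )
    # Every domain that takes part in the plan, the trusting side included.
    $all = @($TrustingDomain) + $Partners
    foreach ($p in $Partners) {
        # NetBIOS names are case-insensitive: compare on a normalized form.
        $key = $p.NetBIOS.Trim().ToUpperInvariant()
        $clash = @($all | Where-Object {
            $_.Dns -ne $p.Dns -and
            $_.NetBIOS.Trim().ToUpperInvariant() -eq $key
        })
        [pscustomobject]@{
            Partner      = $p.Dns
            NetBIOS      = $p.NetBIOS
            NameIsUnique = ($clash.Count -eq 0)
            CollidesWith = ($clash.Dns -join ', ')
        }
    }
}

# Plan as described in the question: both partners are flagged.
Test-TrustNetBiosPlan -TrustingDomain $trusting -Partners $partners |
    Format-Table -AutoSize

# Same plan after one domain has been renamed or migrated
# ('companyes' is a constructed placeholder for the new NetBIOS name).
$renamed = @(
    $partners[0]
    [pscustomobject]@{ Dns = 'spain.company.local'; NetBIOS = 'companyes' }
)
Test-TrustNetBiosPlan -TrustingDomain $trusting -Partners $renamed |
    Format-Table -AutoSize
```

The first table shows `NameIsUnique` as False for both france.company.local and spain.company.local, each listing the other under `CollidesWith`; the second shows True for both.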

  3. You won't be able to accomplish this and I am quite surprised that you can
    have two domains in the same forest, with the same netbios name. I'm
    guessing you are at Domain Functional Level (DFL) and Forest Functional
    level (FFL) of 2000 and again I will be surprised if you will be able to
    move to DFL/FFL of 2003 or 2008.

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup. This
    posting is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Jan 14, 2010
    #3

  4. I concur with Paul and Meinolf. For domain to domain trusts, which are
    reliant on NetBIOS name resolution and support, the names *must* be
    different.


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
    MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please
    contact Microsoft PSS directly. Please check http://support.microsoft.com
    for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Jan 14, 2010
    #4
  5. Ace,
    I don't get it. How were they ever able to configure two domains in the
    same forest with the same netbios name? Is it because in 2000 there isn't
    transitivity?

     
    Paul Bergson [MVP-DS], Jan 14, 2010
    #5
  6. Hello Paul Bergson [MVP-DS],

    I think they just use the same forest name and they are still different forests.
    The OP didn't state that they are in the same forest.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Jan 14, 2010
    #6

  7. I'm taking that the poster was implying (as I interpreted it) that it never
    worked.

    Windows NT4, 2000 & 2003 domain-domain trusts are NetBIOS based and are not
    transitive. However, Windows 2003 forest-forest trusts, in 2003 Forest and
    Domain FL are transitive, but are DNS based.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Jan 14, 2010
    #7
  8. Ahhh, you might be on to something Meinolf. Heading to Summit this year?

     
    Paul Bergson [MVP-DS], Jan 14, 2010
    #8
  9. Hello Paul Bergson [MVP-DS],

    No, unfortunately I cannot join the Summit. Hopefully I can arrange it next
    year, if I am still MVP then.

    Best regards

    Meinolf Weber


     
    Meinolf Weber [MVP-DS], Jan 14, 2010
    #9

  10. I agree, Meinolf may have hit it on the head. That would explain some of the
    issues.

    Ace
     
    Ace Fekay [MVP-DS, MCT], Jan 15, 2010
    #10
  11. Okay here's the answer

    Understand this that the Active directory Structure is very nicely done, which seems you are unable to understand...

    I have some questions for you to answer

    1. Did you check Active Directory Sites and Services-Sites-Servers-NTDS Settings-Properties? What did you see
    for all Servers in this forest, to get an idea which Server is replicating with which one? And how many GCS and ADC's do you have?

    2. One way to design such a structure which You are talking about is to have Parent OU's containing Sub OU's

    These Sub OU's can be named as Users, Groups, Servers and Client Pc's which would contain those kind of objects (this would help the System Admin to run Scripts & manage GPO) all over the network, also in this structure you can have GCS and ADC for faster replication, fault tolerance and load balancing all over the forest at every site.

    3. Every region would have a so-called Administrator managing the OU of that particular region, creating, deleting and managing user accounts and group membership on that master OU over which he/she has been assigned delegated control. They can see other OU's also but would have read-only access until they have been assigned rights to manage other OU's.

    4. By default all these servers would have transitive trust and intrasite replication; only the servers' naming convention would be tricky, for example NY-Dc01.xyz.com and cali-Dc01.xyz.com. Of course NYdc01 will be in NY and Calidc01 would be in Cali, but they would replicate with each other and would have the same netbios name on client PCs in Cali and NY. However, it doesn't matter if both are GCS on their respective sites or can be ADC for fast replication of objects.

    5. If you are 100% sure that there are Child Domains as I said, then you should check ADS&S properly; if that is the case then you need to use the "Windows 2003 Domain rename tool" and follow the process of Domain renaming.

    I have the experience of being in such a forest environment where you get this feeling

    have a blessed day
    and if you have any query please revert back
    Prince Kanago
    MCT, MCTS, MCSE, ITIL, IBM-EADP, CEH, CWNA
    Windows 2000-2008
     
    Prince Kanago, Nov 28, 2010
    #11