PHWinfo - Afficher un message - DNS-One Way Trust-questions....

17/03/2006, 21h45

Thanks very much for the informative reply.

They do have 2003;we have 2000

We are on different subnets 10.100.0.0/16 10.99.0.0/16 etc...

I 'believe' they have wins since they have 3 subnets as well...

What other information do you need?

"Herb Martin" <news@LearnQuick.com> wrote in message
news:O1m8q1eSGHA.5808@TK2MSFTNGP12.phx.gbl...
> "ECathell" <ecathell@nospam.com> wrote in message
> news:e3RR7OcSGHA.4740@TK2MSFTNGP14.phx.gbl...
> Hello all.
>
>> I have 2 separate domains being utilized where I work. One is the
>> administration/corporate domain. The > other is a resource domain.
>
>
>> Admin domain is MO.net
>> Resource domain is MT.net
>
>> MT trusts MO, MO does not trust MT. <this may be part of my issue....
>
> Not if you have used the terms correctly. Normally the domain with
> RESOURCES (to be shared or manged) must TRUST the domain
> with USERS (who will be granted privileges.)
>
>> Active directory/Windows authentication between MO>MT works fine.
>
> If this is not the same forest (which is implied by a one-way trust since
> forest domains have automatic two-way trusts) the generally you need
> NETBIOS name resolution to work.
>
>> DNS resolution between MO>MT does not.
>> I am only the admin for the MT domain...
>> MO is handled by a separate IT department.
>
> Generally they must cooperate with you -- as they did for the
> trust -- in setting up name resolution.
>
> Unless you are on a SINGLE subnet you will need WINS servers
> for NetBIOS resolution to work.
>
> And you will need ALL DCs (at least) to be WINS clients if you
> use WINS server, plus if you have more than one WINS server
> they must be set to replicate.
>
>> I want to enable MO to resolve names on our network
>> carteblanche...If I make changes to my dns(such as alias'
>> for our webservices) I dont want to have to have MO put
>> in the alias' on their site, simply have them resolved on our
>> domain...right now name resolution is sporadic at best...
>
> Then for DNS THEY (on MO) must arrange for their DNS
> servers to resolve your zone(s).
>
> In practice this means one of the following:
>
> 1) A common root (almost always impractical)
>
> 2) Cross secondary (they hold a secondary for your zone)
> -- which is usually the only practical solution if they
> use Win2000 (not Win2003)
>
> 3) Cross stub zone (pretty much like #2 but requires Win2003)
>
> 4) Conditional Forwarding -- also requires Win2003 on their
> side to enable this.
>
> (Technically there is a fifth choice in Win2003 but it only works
> for a single forest so this doesn't seem to fit your situation: AD-DNS
> replication forest wide.)
>
>
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>
> --
> --Eric Cathell, MCSA
>

17/03/2006, 21h45	#3
ECathell Messages: n/a Hébergeur:	Re: DNS-One Way Trust-questions.... Thanks very much for the informative reply. They do have 2003;we have 2000 We are on different subnets 10.100.0.0/16 10.99.0.0/16 etc... I 'believe' they have wins since they have 3 subnets as well... What other information do you need? "Herb Martin" <news@LearnQuick.com> wrote in message news:O1m8q1eSGHA.5808@TK2MSFTNGP12.phx.gbl... > "ECathell" <ecathell@nospam.com> wrote in message > news:e3RR7OcSGHA.4740@TK2MSFTNGP14.phx.gbl... > Hello all. > >> I have 2 separate domains being utilized where I work. One is the >> administration/corporate domain. The > other is a resource domain. > > >> Admin domain is MO.net >> Resource domain is MT.net > >> MT trusts MO, MO does not trust MT. <this may be part of my issue.... > > Not if you have used the terms correctly. Normally the domain with > RESOURCES (to be shared or manged) must TRUST the domain > with USERS (who will be granted privileges.) > >> Active directory/Windows authentication between MO>MT works fine. > > If this is not the same forest (which is implied by a one-way trust since > forest domains have automatic two-way trusts) the generally you need > NETBIOS name resolution to work. > >> DNS resolution between MO>MT does not. >> I am only the admin for the MT domain... >> MO is handled by a separate IT department. > > Generally they must cooperate with you -- as they did for the > trust -- in setting up name resolution. > > Unless you are on a SINGLE subnet you will need WINS servers > for NetBIOS resolution to work. > > And you will need ALL DCs (at least) to be WINS clients if you > use WINS server, plus if you have more than one WINS server > they must be set to replicate. > >> I want to enable MO to resolve names on our network >> carteblanche...If I make changes to my dns(such as alias' >> for our webservices) I dont want to have to have MO put >> in the alias' on their site, simply have them resolved on our >> domain...right now name resolution is sporadic at best... > > Then for DNS THEY (on MO) must arrange for their DNS > servers to resolve your zone(s). > > In practice this means one of the following: > > 1) A common root (almost always impractical) > > 2) Cross secondary (they hold a secondary for your zone) > -- which is usually the only practical solution if they > use Win2000 (not Win2003) > > 3) Cross stub zone (pretty much like #2 but requires Win2003) > > 4) Conditional Forwarding -- also requires Win2003 on their > side to enable this. > > (Technically there is a fifth choice in Win2003 but it only works > for a single forest so this doesn't seem to fit your situation: AD-DNS > replication forest wide.) > > > > -- > Herb Martin, MCSE, MVP > Accelerated MCSE > http://www.LearnQuick.Com > [phone number on web site] > > > -- > --Eric Cathell, MCSA >