Recipe 2.15 Creating a Trust Between a Windows NT Domain and an AD Domain

Previous page
Table of content
Next page

2.15.1 Problem

You want to create a one-way or two-way nontransitive trust from an AD domain to a Windows NT domain.

2.15.2 Solution

2.15.2.1 Using a graphical user interface

  1. Open the Active Directory Domains and Trusts snap-in.

  2. In the left pane, right-click the domain you want to add a trust for and select Properties.

  3. Click on the Trusts tab.

  4. Click the New Trust button.

  5. After the New Trust Wizard opens, click Next.

  6. Type the NetBIOS name of the NT domain and click Next.

  7. Assuming the NT domain was resolvable via its NetBIOS name, the next screen will ask for the Direction of Trust. Select Two-way, One-way incoming, or One-way outgoing, and click Next.

  8. If you selected Two-way or One-way Outgoing, you'll need to select the scope of authentication, which can be either Domain-wide or Selective, and click Next.

  9. Enter and re-type the trust password and click Next.

  10. Click Next twice to finish.
2.15.2.2 Using a command-line interface
> netdom trust <NT4DomainName> /Domain:<ADDomainName> /ADD[RETURN]          [/UserD:<ADDomainName>\ADUser> /PasswordD:*][RETURN]          [/UserO:<NT4DomainName>\NT4User> /PasswordO:*][RETURN]          [/TWOWAY]

For example, to create a trust from the NT4 domain RALLENCORP_NT4 to the AD domain RALLENCORP, use the following command:

> netdom trust RALLENCORP_NT4 /Domain:RALLENCORP /ADD[RETURN]          /UserD:RALLENCORP\administrator /PasswordD:*[RETURN]          /UserO:RALLENCORP_NT4\administrator /PasswordO:*

You can make the trust bidirectional, i.e., two-way, by adding a /TwoWay switch to the example.

2.15.3 Discussion

It is common when migrating from a Windows NT environment to Active Directory to set up trusts to down-level master account domains or resource domains. This allows AD users to access resources in the NT domains without providing alternate credentials. Windows NT does not support transitive trusts and, therefore, your only option is to create a nontransitive trust. That means you'll need to set up individual trusts between the NT domain and every Active Directory domain that contains users that need to access the NT resources.

2.15.4 See Also

MS KB 306733 (HOW TO: Create a Trust Between a Windows 2000 Domain and a Windows NT 4.0 Domain), MS KB 308195 (HOW TO: Establish Trusts with a Windows NT-Based Domain in Windows 2000), MS KB 309682 (HOW TO: Set up a One-Way Non-Transitive Trust in Windows 2000), MS KB 325874 (HOW TO: Establish Trusts with a Windows NT-Based Domain in Windows Server 2003), and MS KB 816301 (HOW TO: Create an External Trust in Windows Server 2003)


Previous page
Table of content
Next page
Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
Authors: Laura E. Hunter, Robbie Allen
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
MySQL Clustering
Cisco CallManager Fundamentals (2nd Edition)
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
Web Systems Design and Online Consumer Behavior
Comparing, Designing, and Deploying VPNs
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy