locked
Trust Replationship between two domains with same name, but different NetBIOS name RRS feed

  • Question

  • Hello,

    I have a question regarding a trust relationship setting between same DNS domain name, but different NetBIOS Domain name.

    I have two independent forests and both forests contain a domain with same name, one.test.com.

    However, the NetBIOS Name of those domains is different.
    One is One.
    The other is One-NEW.

    When I try to setup the trust relationships between those two domains using the NetBIOS names, I got error message saying "the specified domain is the same domain in which the wizard is running" in "AD Domains and Trusts" and "the operation cannot be performed on the current domain" on netdom trust command.

    I would like to make a trust relationship between those two domains so I can migrate all accounts, and hopefully without renaming the domain.

    Can someone know if this is possible, and how ?

    Thursday, April 16, 2009 4:01 AM

Answers

  • Hi,

    Before the Local Security Authority (LSA) creates the trust, the LSA verifies the consistency of the parameters. Between the new trust partner and all other domains that are in the same forest as the trust partner, the following items must be unique:

    •    The NetBIOS name of the domain
    •    The fully qualified domain name (FQDN) of the domain
    •    The security identifier (SID) of the domain

    You cannot create the trust if one of the three items has duplicates.

    Based on your situation, I’m afraid you cannot create a Trust.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, April 17, 2009 10:24 AM

All replies

  • Hi,

    Before the Local Security Authority (LSA) creates the trust, the LSA verifies the consistency of the parameters. Between the new trust partner and all other domains that are in the same forest as the trust partner, the following items must be unique:

    •    The NetBIOS name of the domain
    •    The fully qualified domain name (FQDN) of the domain
    •    The security identifier (SID) of the domain

    You cannot create the trust if one of the three items has duplicates.

    Based on your situation, I’m afraid you cannot create a Trust.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, April 17, 2009 10:24 AM
  • Hello, Mervyn,

    Thank you for your reply! 
    I will think of renaming the domain then, but it will affect hundreds of users...
    Wednesday, April 22, 2009 1:50 AM
  • Hi,

    Thank you for your update.

    Domain rename is not a easy task. Hope the following guide would help you.

    Administering Active Directory Domain Rename
    http://technet.microsoft.com/en-us/library/cc794869.aspx

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, April 22, 2009 9:41 AM
  • Hello, Mervyn,

    Thank you for the link.

    Actually, renaming domain is quite easy. I just need to type  sevral commands.
    However, that's why I am hesitated. I have no idea what is going on behide that easy operation, and don't know how to troubleshoot.
    ..
    • Proposed as answer by bayareaitguy Sunday, May 31, 2009 4:20 AM
    Thursday, April 23, 2009 12:11 AM
  • fyi.. Renaming a Domain does not change the SID. You will find yourself running into the same problem as I have. 

    I'm trying to migrate User accounts from source domain to target domain. However, the target domain was originally part of the source domain and it was renamed. 

    As a result, I could not setup a TRUST because the prefix SID is the same on the Source and Target domains. 
    Sunday, May 31, 2009 4:24 AM

  • Hi

    We face currently a similar problem but to not have a answer yet.
    We have two forests, where one domain of each has the same NetBIOS name, but a different fully qualified domain name. Now we need to migrate the resources of the one domain into the other with the same NetBIOS name. Both domains are W2K8.
    We are still at the stage where we verifying the possibility of that task, but any help would be appreciated to do the right thing.

    Thanks Frank

    Sunday, January 17, 2010 7:01 PM
  • Is using Identity management or SSO a solution?

    Regards

    Jas


    Jaswinder Singh
    Wednesday, April 28, 2010 8:04 AM