I have two domains: AD.company.com, and geo.company.com.
AD.company.com is at a 2008 R2 functional level for both domain and forest.
geo.company.com is at a 2003 functional level for both domain and forest.
In each domain's DNS, I have a primary AD-integrated forward lookup zone for the other domain, and a corresponding reverse lookup zone.
I am trying to setup conditional forwarders, and I get the message "The server with this IP address is not authoritative for the required zone."
Do the forward lookup zones have to be setup as secondary, instead of primary? When I setup the primary for the other domain, the current domain ends up being the SoA, which I'm guessing is wrong, too.
What I want in the end is a one-way trust, with geo.company.com trusting ad.company.com, so that user accounts in ad.company.com can access resources in geo.company.com
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.