Setting up a trust between two domains/forests

    Question

  • I have two domains:  AD.company.com, and geo.company.com.

    AD.company.com is at a 2008 R2 functional level for both domain and forest.

    geo.company.com is at a 2003 functional level for both domain and forest.

    In each domain's DNS, I have a primary AD-integrated forward lookup zone for the other domain, and a corresponding reverse lookup zone.

    I am trying to set up conditional forwarders, and I get the message "The server with this IP address is not authoritative for the required zone."

    Do the forward lookup zones have to be set up as secondary, instead of primary?  When I set up the primary for the other domain, the current domain ends up being the SOA, which I'm guessing is wrong, too.

    What I want in the end is a one-way trust, with geo.company.com trusting ad.company.com, so that user accounts in ad.company.com can access resources in geo.company.com.

    Thursday, March 10, 2011 9:21 PM

Answers

  • The specific issue above has been resolved.

    Resolution:

    1)  Delete the primary forward lookup zone for the "other" domain.

    2)  Once that's done, the conditional forwarders installed with no issues.

    • Marked as answer by Joe Heaton Friday, March 11, 2011 12:11 AM
    Friday, March 11, 2011 12:11 AM
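
The resolution above as a script, with a check that the other domain's SOA and domain controller SRV records now come from the other side. This is an added example, not part of the original thread; it assumes the DnsServer PowerShell module (Windows Server 2012 or later, not the 2008 R2 and 2003 servers in the question), a placeholder DNS server IP, and domain-wide replication of the forwarder.

```powershell
# Added example. Run elevated on a DNS server in ad.company.com;
# repeat in geo.company.com with the names swapped.
Import-Module DnsServer

$OtherDomain = 'geo.company.com'
$OtherDnsIp  = '192.0.2.10'   # placeholder: a DNS server that really hosts $OtherDomain

# Step 1: a primary zone created locally for the other domain makes this
# server the SOA for a namespace it does not own. Back it up, then delete it.
$zone = Get-DnsServerZone -Name $OtherDomain -ErrorAction SilentlyContinue
if ($zone -and $zone.ZoneType -eq 'Primary') {
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $OtherDomain, (Get-Date)
    Export-DnsServerZone -Name $OtherDomain -FileName $backup   # written to %windir%\System32\dns
    Remove-DnsServerZone -Name $OtherDomain -Force
    $zone = $null
}

# Step 2: with no local copy of the zone left, add the conditional forwarder.
# ReplicationScope 'Domain' is an assumption; the thread does not state one.
if (-not $zone) {
    Add-DnsServerConditionalForwarderZone -Name $OtherDomain `
        -MasterServers $OtherDnsIp -ReplicationScope 'Domain'
}

# Check 1: the local server must now report the zone as a forwarder.
$now = Get-DnsServerZone -Name $OtherDomain
if ($now.ZoneType -ne 'Forwarder') {
    throw "$OtherDomain is still hosted locally as $($now.ZoneType)"
}

# Check 2: the SOA returned through this server must name a server in the
# other domain, not this one.
$soa = Resolve-DnsName -Name $OtherDomain -Type SOA -Server localhost -DnsOnly |
       Where-Object { $_.Type -eq 'SOA' }
if ($soa.PrimaryServer -like "$env:COMPUTERNAME.*") {
    throw "SOA for $OtherDomain still points at this server"
}

# Check 3: the trust wizard locates the other domain's DCs through these SRV records.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$OtherDomain" -Type SRV `
        -Server localhost -DnsOnly | Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No DC SRV records resolved for $OtherDomain" }

"SOA primary: $($soa.PrimaryServer)"
$srv | Select-Object NameTarget, Port
```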
