locked
DNS Global Names Zone and NT4 trusts RRS feed

  • Question

  • We are upgrading one of our customers Forests from 2003R2 to 2008R2, and in reviewing the requirement for WINS this subject has arrisen.

    Currently there are trusts to NT4 domains, and will continue until they are all migrated.

    Is it possible to leverage the DNS Global Names Zone to do the resolution of the NT4 PDC when creating a trust, or is WINS still required in this case.

    Currently we format an lmhosts file as per http://support.microsoft.com/kb/314108 and import the record into WINS that is running on the core DC's

    ( I am aware that you can use an LMHosts file as well on the DC's, but would prefer not to)

     

    Many thanks

    Thursday, January 13, 2011 12:03 PM

Answers

  • Hi Robarts,

     

    Thanks for posting here.

     

    I think the name resolution for domain trust between Windows server 2008 R2 forest and Windows NT domain is same as Windows server 2000 and 2003’s that NetBIOS or WINS is still required.

     

    How to establish trusts with a Windows NT-based domain in Windows Server 2003

    http://support.microsoft.com/kb/325874

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, January 14, 2011 8:17 AM

All replies

  • Hi Robarts,

     

    Thanks for posting here.

     

    I think the name resolution for domain trust between Windows server 2008 R2 forest and Windows NT domain is same as Windows server 2000 and 2003’s that NetBIOS or WINS is still required.

     

    How to establish trusts with a Windows NT-based domain in Windows Server 2003

    http://support.microsoft.com/kb/325874

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, January 14, 2011 8:17 AM
  • Your bigger problem is that NT 4.0 external trusts are no longer supported in 2008 R2. 

    Here is an MS Resource you can refer to:

    http://support.microsoft.com/kb/942564

    "Important Windows NT 4.0 trusts cannot be created between Windows Server 2008 R2-based domains and Windows NT 4.0-based domains. The workaround steps that are documented later in this article apply to only Windows Server 2008. Security changes that are in Windows Server 2008 R2 prevent a trust between Windows Server 2008 R2-based domains and Windows NT 4.0-based domains. This behavior is by design."

     


    Visit: anITKB.com, an IT Knowledge Base.
    Friday, January 14, 2011 1:29 PM