Setting up Domain trust issue

  • Question

  • So I have what you would call a soup sandwich. Yeah, you can eat it, but it's a freaking mess. I inherited this from a real peach of a sys admin.

    Current domain has a disjointed namespace: the NetBIOS domain name is ABC-xx and the FQDN is xxxx.ABC.org

    I want to bring an all-new site abc.org up and then migrate the users and mailboxes over to the new site.

    I have a problem though: when setting up the trust from new abc.org to abc.xx or xxx.abc.org, one of my zones in the old domain is abc.org, and I have an authoritative DNS already there from a non-parent domain that I am guessing someone just added as an AD-integrated domain. So when I try to trust from new abc.org to xxx.abc.org I can hit the authoritative DNS and no worries, but when I try to do the other side, it gets confused because in a sense there are two abc.org's and it's finding the wrong DNS as the authoritative one. I don't know if any of this makes sense, but HELP! Is it possible or even practical to set up a trust with non-authoritative DNS?

    Or would it be better to just run away and let 24 years of piss poor Systems administration burn to the ground?

    Wednesday, April 1, 2015 7:00 PM

Answers

  • I would see it that way:

    • Remove the zone named abc.org in your new domain (I assume here that only DCs are registered)
    • Create a secondary DNS for abc.org on a DC in abc.org domain where it will take copy of the zone abc.org hosted on xxx.abc.org DC/DNS servers
    • Make the secondary DNS zone a primary one that is AD-Integrated and replicated to all DCs in your new abc.org forest. Make sure that the DNS zone accepts secure dynamic DNS updates
    • Remove the DNS zone abc.org from your DCs in xxx.abc.org
    • Run ipconfig /registerdns on DCs in your abc.org domain to force them to re-register their DNS records
    • Configure conditional forwards between both domains and create the trust relationship

    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK

    Wednesday, April 1, 2015 8:41 PM
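
The steps in the answer above, scripted with the DnsServer PowerShell module as an added example that is not part of the original reply. The server names and IP addresses are placeholders (assumptions), and the zone transfer is restricted to the one new DC instead of being opened to any server.

```powershell
# Added example; server names and IPs below are placeholders, not from the thread.
$Zone    = 'abc.org'
$OldZone = 'xxx.abc.org'
$NewDc   = 'newdc01.abc.org';     $NewDcIp = '192.0.2.10'
$OldDc   = 'olddc01.xxx.abc.org'; $OldDcIp = '198.51.100.10'
$ErrorActionPreference = 'Stop'   # halt on the first failed step

# Keep a file copy of both abc.org zones before deleting anything.
Export-DnsServerZone -Name $Zone -FileName 'abc.org.new.bak' -ComputerName $NewDc
Export-DnsServerZone -Name $Zone -FileName 'abc.org.old.bak' -ComputerName $OldDc

# 1. Remove the abc.org zone from the new forest's DNS.
Remove-DnsServerZone -Name $Zone -ComputerName $NewDc -Force

# 2. Allow transfers of the old zone to the new DC only, then pull a secondary copy.
Set-DnsServerPrimaryZone -Name $Zone -ComputerName $OldDc `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $NewDcIp
Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" `
    -MasterServers $OldDcIp -ComputerName $NewDc
Start-DnsServerZoneTransfer -Name $Zone -FullTransfer -ComputerName $NewDc
Start-Sleep -Seconds 30           # give the transfer time to finish
$count = @(Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $NewDc).Count
if ($count -lt 3) { throw "Zone copy looks empty ($count records); not converting." }

# 3. Convert the copy to an AD-integrated primary, forest-wide, secure updates only.
ConvertTo-DnsServerPrimaryZone -Name $Zone -ReplicationScope Forest `
    -ComputerName $NewDc -Force
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure -ComputerName $NewDc

# 4. Remove abc.org from the old domain's DNS servers.
Remove-DnsServerZone -Name $Zone -ComputerName $OldDc -Force

# 5. Have the new DC re-register its records (repeat per DC).
Invoke-Command -ComputerName $NewDc -ScriptBlock { ipconfig /registerdns }

# 6. Conditional forwarders in both directions.
Add-DnsServerConditionalForwarderZone -Name $OldZone -MasterServers $OldDcIp `
    -ReplicationScope Forest -ComputerName $NewDc
Add-DnsServerConditionalForwarderZone -Name $Zone -MasterServers $NewDcIp `
    -ReplicationScope Forest -ComputerName $OldDc

# Check that each side can locate the other's DCs before creating the trust.
Resolve-DnsName "_ldap._tcp.dc._msdcs.$OldZone" -Type SRV -Server $NewDcIp
Resolve-DnsName "_ldap._tcp.dc._msdcs.$Zone"    -Type SRV -Server $OldDcIp
```

Create the trust only once both SRV lookups return the expected domain controllers.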
  • Hi,

    Any update about the issue?

    Regards.


    • Marked as answer by dfarris Friday, November 17, 2017 2:21 PM
    Tuesday, April 7, 2015 6:45 AM
    Moderator