You cannot create a forest trust between a Windows 2000 and Windows 2003
forests; however, you can create domain trusts; the difference is you would
have to create an explicit trust for each domain. It's more work and
potentially more on going administrative overhead but should satisfy any
authentication requirements for your applications.
"Mark M." wrote:
[Quoted Text] > Hello, I'm wondering if this is even possible to create a cross-forest trust
> between a Windows Server 2000 domain (domainname1) and a Windows Server 2003
> domain (domainname2). I have applications that currently rely on domainname1
> for authentication. We are migrating from the 2000 domain (domainname1) to a
> brand new server 2003 domain (domainname2). We are going to be migrating
> groups of users from domainname1 to domainname2, however, the caveat is that
> we can not move the application servers to the new domain until EITHER after
> everyone has been migrated to the new domain, OR before everyone has been
> migrated. After doing some online research, it looks as though a
> cross-forest domain trust in not possible.
>
> Now, that being said, I know some of the replies are going to say something
> along the lines of, "Why don't you just upgrade the existing domain
> controller to 2003?" Since our organization changed names, and we will
> eventually be a child domain of our parent company's domain, we thought this
> would be a good time to change our existing domain name. We have also
> purchased new hardware for a technology refresh.
>
> The second and subset question is: Does it truly make more sense to upgrade
> the Server 2000 domain to a Server 2003 one, impliment the cross-forest
> trusts, migrate the application servers and workstations to the new domain
> (domainname2), then decommission the old domain?
>
> Thank you for any input.
> --
> -Mark
|