Special Edition Using Microsoft Active Directory

Troubleshooting

Creating Trusts Fails

Q1:

I can't create a trust between two domains.

When you are trying to create an explicit shortcut trust or an NTLM trust to an NT domain, the process might fail. Here are several issues to look for:

Network— Look for the obvious. Routing, addressing, and name resolution must be in place for trusts to work. Also, Kerberos trusts require an IP connection. If you can't ping the target domain controller by name, you probably won't be able to create a trust to it.
Permissions— Although, as shown in this chapter's example of creating a shortcut trust, you do not have to be logged on as a member of the Enterprise Admins group; doing so will cancel a number of permissions issues.
Time— Kerberos is time sensitive. If ...

Get Special Edition Using Microsoft Active Directory now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Special Edition Using Microsoft Active Directory by Sean Fullerton, James Hudson

Troubleshooting

Creating Trusts Fails

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly