# Solved: Authentication required to access Trusted Domain ??



## karl_009 (Oct 9, 2007)

Hi,

We're doing a migration of our AD to a new server, so I am following the way Microsoft recommends. I have had some success doing it, but that was just a quick test run.

Here is where I am up to: I have DNS resolution between the old and new domains; I have set up a two-way trust validated on both sides.

OLDDOM - Old Domain
NEWDOM - New Domain

Here is the problem I am having:

On the OLDDOM I can browse via the AD to the NEWDOM's AD; however, when I am on the NEWDOM's AD it asks me for a username and password when I try to browse the OLDDOM's AD. Even when I type them in it says they're wrong, but this should not happen with the trust in place.

During the test run this did not happen.

Thanks for any help...


----------



## leroys1000 (Aug 16, 2007)

Sounds like you need to add the user accounts
to the new server.


----------



## karl_009 (Oct 9, 2007)

Hi,

What user accounts need to be added to the new server?

Thanks
Karl


----------



## LinuxHacker (Jan 1, 1970)

you're setting up a trust just to migrate an AD domain? why didn't you just install a new DC, transfer the master operations role to the new server, run a dcdiag from the old server then demote it? I've never heard of a trust being made to migrate AD.


----------



## karl_009 (Oct 9, 2007)

It is what I have been reading; this is the way Microsoft documentation says to do it.

Do you know where I could get some step-by-step guides for the way you have said to do it?

Thanks


----------



## LinuxHacker (Jan 1, 1970)

you've been reading the wrong white page. you doing this on 2003 or 2008?


----------



## karl_009 (Oct 9, 2007)

It's between two 2003 servers.


----------



## LinuxHacker (Jan 1, 1970)

can't find one, but i did it today with 2 2008 boxes, it'll be the same for 2003. here's what you do.

add the active directory role to your new server, into existing domain/forest. after it reboots, open active directory users and computers. right click the root folder and select change domain controller. choose your old server. right click the domain name and select operations masters. under each tab select change and select your new server. install DHCP and DNS roles on the new server. configure your DHCP scope like the one on the old server. make the old server's DHCP scope inactive then make the new one active.

change all servers on your LAN to point to the new DNS server in their TCP/IP properties.

go to the old server and run dcdiag from command line. if everything passes run dcpromo.exe and remove active directory.


----------
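
A pre-demotion check for the procedure in the post above, as an added example that is not part of the original thread: it confirms that all five operations master roles are held by the new server and that `dcdiag` reports no errors there before `dcpromo` is run on the old one. The Operations Masters dialog in Active Directory Users and Computers covers only the RID, PDC and Infrastructure roles, so the count also catches a schema master or domain naming master left behind. `newdc.example.local` is a placeholder name, and `netdom` and `dcdiag` are assumed to be installed (they come with the Support Tools on Server 2003).

```batch
@echo off
rem Added example: pre-demotion check, not part of the original thread.
rem NEWDC is a placeholder; set it to the new server's FQDN.
setlocal
set "NEWDC=newdc.example.local"
set "REPORT=%TEMP%\dcdiag_errors.txt"

rem netdom prints one line per role; count the lines naming the new DC.
set COUNT=0
for /f %%C in ('netdom query fsmo ^| find /i /c "%NEWDC%"') do set COUNT=%%C
if not "%COUNT%"=="5" (
    echo %NEWDC% holds %COUNT% of 5 operations master roles.
    echo Transfer the remaining roles before demoting the old server:
    netdom query fsmo
    exit /b 1
)

rem dcdiag /q prints only errors, so any output means a failed test.
rem /s: points the tests at the new DC, which must be healthy on its own.
dcdiag /s:%NEWDC% /q > "%REPORT%" 2>&1
for %%F in ("%REPORT%") do set SIZE=%%~zF
if not "%SIZE%"=="0" (
    echo dcdiag reported problems on %NEWDC%:
    type "%REPORT%"
    exit /b 1
)

echo All five roles are on %NEWDC% and dcdiag is clean.
exit /b 0
```
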



## srhoades (May 15, 2003)

LinuxHacker said:


> can't find one, but i did it today with 2 2008 boxes, it'll be the same for 2003. here's what you do.
> 
> add the active directory role to your new server, into existing domain/forest. after it reboots, open active directory users and computers. right click the root folder and select change domain controller. choose your old server. right click the domain name and select operations masters. under each tab select change and select your new server. install DHCP and DNS roles on the new server. configure your DHCP scope like the one on the old server. make the old server's DHCP scope inactive then make the new one active.
> 
> ...


This.


----------



## karl_009 (Oct 9, 2007)

The company have also decided to change the domain name, will this work if the domain name is different??


----------



## LinuxHacker (Jan 1, 1970)

no it won't. if you want to change the domain name you will want to use the active directory migration tool. can't give you a walk through because i've never used it. it pretty much just copies all the objects instead of the entire schema.


----------



## karl_009 (Oct 9, 2007)

That's what I have been using, and to do it you need a trust and a few other things set up...

But I have found a workaround for now, by opening up the other AD on the other domain using this:

runas /netonly /user:domain\userid "mmc dsa.msc /server=dc.in.other.domain"

Then I have access to both ADs' information and I have been able to complete the step that is required to move on, and I have been able to migrate users, groups and passwords...

So all is good...

Thanks for the help...


----------



## LinuxHacker (Jan 1, 1970)

no problem. how big is your network? might be easier to start from scratch. i would love to be able to do that. remove all past admin's mistakes haha.


----------



## karl_009 (Oct 9, 2007)

It's not too big, over 100 users, but we are merging two sites together so there will only be one domain for both sites, so there are two domains to migrate over; that will bring our total to about 150 users across both sites.

Starting again was considered but the two file servers at both sites with all the permissions would take months to get right again so this will be faster in the end LOL...


----------

