Trust Relationship W2000 <=> W2003

I have successfully created a trust relationship (external on transitive)
between 2 forests, one in Europe another in Asia.
Problem is AD in Europe is W2003 native and AD in Asia is W2000 mixed.
I am enterprise admin only in Europe forest.
I would like to be included in Domain Admins group in Asia forest, but Admin
in Asia is not able to place my account in their Domain Admins group.
However we are able to place user accounts from one domain into another when
folder permissions need to be set.(cross forest),
Any idea how we go around that problem ?
appreciate any inputs,
Thanks

 

It is not possible to establish forest trust between Win2000 and Win2003
forests. You must have both forests at Win2003 level minimum. The best you
can have is domain trust between two domains. In that case you must create
two one-way trusts:
Asia -> Europe = Asia trusts Europe (arrow points to users, ie users in
Europe can access resources in Asia).
Europe -> Asia = Europe trusts Asia (arrow points to users, ie users in Asia
can access resources in Europe).

To be able to do group nesting, ie place global group in one domain to
global group in another domain, the minimum domain functional level must be
Windows 2000 native (ie if it is Win 2000 mixed, it won't work).


"PauloG" <PauloG@discussions.microsoft.com> wrote in message
news:977C615D-1688-4A19-935E-53FAD5671762@microsoft.com...
>I have successfully created a trust relationship (external on transitive)
> between 2 forests, one in Europe another in Asia.
> Problem is AD in Europe is W2003 native and AD in Asia is W2000 mixed.
> I am enterprise admin only in Europe forest.
> I would like to be included in Domain Admins group in Asia forest, but
> Admin
> in Asia is not able to place my account in their Domain Admins group.
> However we are able to place user accounts from one domain into another
> when
> folder permissions need to be set.(cross forest),
> Any idea how we go around that problem ?
> appreciate any inputs,
> Thanks
>

 

Dusko

Tks so much for yr input...will try to elevate Asia domain to W2000 native
and see if it works..... brgds Paulo

"Dusko Savatovic" wrote:

> It is not possible to establish forest trust between Win2000 and Win2003
> forests. You must have both forests at Win2003 level minimum. The best you
> can have is domain trust between two domains. In that case you must create
> two one-way trusts:
> Asia -> Europe = Asia trusts Europe (arrow points to users, ie users in
> Europe can access resources in Asia).
> Europe -> Asia = Europe trusts Asia (arrow points to users, ie users in Asia
> can access resources in Europe).
>
> To be able to do group nesting, ie place global group in one domain to
> global group in another domain, the minimum domain functional level must be
> Windows 2000 native (ie if it is Win 2000 mixed, it won't work).
>
>
> "PauloG" <PauloG@discussions.microsoft.com> wrote in message
> news:977C615D-1688-4A19-935E-53FAD5671762@microsoft.com...
> >I have successfully created a trust relationship (external on transitive)
> > between 2 forests, one in Europe another in Asia.
> > Problem is AD in Europe is W2003 native and AD in Asia is W2000 mixed.
> > I am enterprise admin only in Europe forest.
> > I would like to be included in Domain Admins group in Asia forest, but
> > Admin
> > in Asia is not able to place my account in their Domain Admins group.
> > However we are able to place user accounts from one domain into another
> > when
> > folder permissions need to be set.(cross forest),
> > Any idea how we go around that problem ?
> > appreciate any inputs,
> > Thanks
> >
>
>