How do I set up a two way trust between a Windows 2000 DC and a NT 4 PDC. I haven't done anything with trusts in a while and need a quick refresher. Thanks. Dan

You don't set up a trust between domain controllers, you set up a trust between domains. I assume that is what you meant but I have had people think the DCs have trusts. Anyway, you do it in Active Directory Domains and Trusts on the Windows 2000 domain, and you use UserManager for Domains in Windows NT. Make each domain Trusted and Trusting in the setup and you should have it. Good Luck

Dan, What you'll need to do is provide each server with a method of name resolution for the other. Whether this be by adding a DNS entry or updating hosts/lmhosts file... either way you'll need to provide the IP to name address mapping. Then in the Windows NT box. You'll need to go in User Manager for Domains and (this is off the top of my head so directions may be a little off) one of the options is trusts. Go in and set the Windows 2000 domain as "trusted". Then go to the Windows 2000 server and go into Active Directory Domains and Trusts. Then find your Windows 2000 domain that you want to establish the trust with... right click, choose properties, and you'll see a trusts tab in the properties. Add the NT4 domain name to the "domains that trust this domain" (this establishes the first ONE-WAY trust, now you'll need to do the same again to establish the other ONE-WAY trust which creates a "two-way" trust) add the NT4 domain to the "domains that this domain trusts" list then go back to NT4 server and add the Windows 2000 domain to the trusting domains list. Now you've set up the second ONE-WAY trust and now have a TWO-WAY trust. ;) Allow 24 hours for proper connection. This can be a pain in the a@@ if you're having problems getting domain name resolution. When it all boils down to it if you can't get the domains to find each other. make the entry in each hosts file for the name resolution and make sure to include the syntax to specify as a domain controller. then from a command prompt run nbtstat -R (CAPITAL R NOT lowercase r) to reload the name cache and try again. Good Luck, Mike

Glen, you assumed properly about having two domains trust each other, I just worded it wrong. Thanks for your help and you too Mike.

Well, with all your help, it still doesn't work. It seems the NT domain sees the 2000 domain, but not visa versa. The 2000 DC keeps saying that it cannot contact the domain we specified (the domain that has the NT 4.0 servers). We set up the hosts and lmosts files on both servers, ran the nbtstat -R and the servers can ping each other. We also put the 2000 server in the trusted servers on the NT domain. Any other ideas? Thanks

You need to have both servers register with a WINS server to make this work. Try setting up WINS in both domains and have them replicate their information to each other. I think that will fix your problem.

Guys.. I take this chance to ask a question as I don't know which direction to go for in order to search for an answer(workgroups,domains,Trust). Anyway, our company's network has a domain on Win2k and all eployees are members in it. What I need to do is to create a workgroup that only engineers in the financial. dept. can join while they are already loged on to the original domain so that more security is implied and shares are left full on PC without concern about security with the other employees in the company. Please advise me and I am willing to learn. Thank you