Question about Microsoft Windows Server Standard 2003 for PC

2 Answers

Is PDC required to create trust between 2 AD 2003 forests?

I want to create a one-way trust between two 2k3 forests. Do I require that the PDC be used to create the trust, as I have a DC in the transition network on both sides?


Re: Is PDC required to create trust between 2 AD 2003...


The PDC is indeed required for the trust creation, but you really don't need to move any of your FSMO roles to any other site or domain controller. As per your post, what I understand is that both of your forests can see each other. First of all, I would like to understand what that means.
Here are my questions to you:
Do you have DNS configured on both forests correctly? Every trusted and trustee forest should own a replica of its trusted/trustee forest.
Are you trying to create a trust between two forests or two domains within the same forest?
When you say you may need to move the PDC role to both forests, what do you mean by that? A PDC role is unique to every forest. You cannot move a PDC role from forest to forest; it won't allow you to do so.

Posted on Jul 27, 2008

Re: Is PDC required to create trust between 2 AD 2003...

1. Open Active Directory Domains And Trusts from Administrative Tools.
2. In the console tree pane, select and right-click the domain node for the forest root for which you want to create a trust.
3. Select Properties.
4. Select the Trusts tab in the Properties dialog box.
5. Click New Trust and click Next (skip the Welcome screen).
6. On the Trust Name page, enter the DNS name of the target domain for your trust (for our example, it is and click Next.
7. Select Forest Trust on the Trust Type page and click Next. (If the Forest Trust option is missing, you may have omitted one of the prerequisites. In that case, double-check the DNS Forwarders tab and the forest functional level of all the domains in both forests.)
8. Choose a direction for the trust relationship: Two-Way, One-Way Incoming, or One-Way Outgoing.

  • Two-Way: All users in both forests will be able to access all resources in both forests.
  • One-Way Incoming: All users in this forest will be able to access all resources in the other forest but not vice versa.
  • One-Way Outgoing: All users in the target forest will be able to access all resources in this forest but not vice versa.
After you’ve chosen, click Next.
9. Resource access is still governed by permissions in the domain where the resource exists. The trust direction provides access to all resources where permissions allow access. Select the sides of the trust relationship: This Domain Only or Both This Domain And The Target Domain.
  • This Domain Only: Creates the trust relationship in this domain only; an administrator on the other end will have to complete the other trust.
  • Both This Domain And The Target Domain: Requires sufficient access in the remote domain and will allow you to complete the trust setup.
10. Select the appropriate path, depending on the choices you made in the previous two steps.
  • If you chose Two-Way or One-Way Outgoing in step 8 and This Domain Only in step 9, you will need to select a trust authentication level. Domain-Wide Authentication will authenticate all users in the remote forest for all resources in the local forest. Choosing Selective Authentication will allow you to specify which users in the remote domain have access to local resources. Click Next. Enter a password for the trust and click Next.
  • If you chose One-Way Incoming in step 8 and This Domain Only in step 9, enter the password for the trust in the Trust Password and Confirm Password boxes. Click Next.
  • If you selected both domains (this domain and the selected domain) in step 9, a username and password box will appear to allow you to enter the username and password of an administrator account in the target forest. Click Next.
11. On the next screen, verify all of your selections. When you click Next, the wizard creates the trust. Verify the settings of the new trust.
12. Confirm the outgoing trust. Select Yes if you created both sides of the trust; select No if you did not.
13. Click Finish in the Creating The Trust wizard.
The new trust will appear on the Trusts tab in the Properties dialog box for the domain.

    Posted on Nov 17, 2007
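
The wizard path above for a one-way outgoing trust (steps 8 to 11), scripted as an added example that is not part of either answer. It uses the .NET System.DirectoryServices.ActiveDirectory classes and assumes PowerShell 2.0 or later run by a forest administrator on a domain-joined machine; `partner.example` is a constructed placeholder forest name.

```powershell
# Added example. 'partner.example' is a constructed placeholder forest name.
param(
    [string]$TargetForest = 'partner.example',
    [switch]$Create   # without -Create the script only reports
)

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$out    = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Outbound

# Prerequisite from step 7 (forest functional level), plus the DC that
# currently holds the PDC emulator role in the forest root domain.
'Forest {0}, functional level {1}' -f $forest.Name, $forest.ForestMode
'Forest root PDC emulator: {0}' -f $forest.RootDomain.PdcRoleOwner.Name

if ($Create) {
    # Steps 8-10: One-Way Outgoing, This Domain Only, Selective Authentication.
    # The other forest's administrator creates the inbound side with the
    # same trust password.
    $secure = Read-Host 'Trust password' -AsSecureString
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        $forest.CreateLocalSideOfTrustRelationship($TargetForest, $out, $plain)
        $forest.SetSelectiveAuthenticationStatus($TargetForest, $true)
    }
    finally {
        # Wipe the unmanaged copy of the password.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

# Step 11: review every forest trust held by this forest.
foreach ($t in $forest.GetAllTrustRelationships()) {
    $line = '{0} -> {1}: {2}' -f $t.SourceName, $t.TargetName, $t.TrustDirection
    # Authentication scope and SID filtering apply on the trusting side,
    # so query them only when the trust has an outbound component.
    if (([int]$t.TrustDirection -band [int]$out) -ne 0) {
        $selective = $forest.GetSelectiveAuthenticationStatus($t.TargetName)
        $sidFilter = $forest.GetSidFilteringStatus($t.TargetName)
        $line += ', selective authentication={0}, SID filtering={1}' -f $selective, $sidFilter
        if (-not $selective) { $line += '  [domain-wide authentication]' }
    }
    $line
}
```

Run without `-Create`, the script only lists existing forest trusts, marking any outgoing trust that still uses domain-wide authentication.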
