Wednesday, 12 September 2007

The Joys of NT4

"I've got a challenge for you."

(Any conversation that starts off like that is unlikely to end well.)

"I can't see any of your users from our NT4 domain."

Me: I'll see what I can do.

The problem, of course, is that althrough we are running AD domains which are part of the same AD tree, there is no trust relationship set up for us with their old NT4 domain. Trying to set up the trust is likely to end in tears, unless you remember that the trusts rely on LMHOSTS to contact the other domain rather than DNS.

Editing the LMHOSTS file (%windir%\system32\drivers\etc\lmhosts) is not the easiest thing to do, unless you go here and use this page to generate the information you'll need to add to the LMHOSTS file on the domain controllers for both domains.

Basically you need to enter the unqualified domain name, the PDC and its IP address. This is pasted into the LMHOSTS file. Once you've updated the LMHOSTS, open a command prompt and type "nbtstat -R" to reload the LMHOSTS information. At this point you should be able to establish the trust relationship without any difficulties.

No comments: