Ok, so when you are trying to set up the domain, you would only specify the "domain.com", not the FQDN of a DC in the other domain. You indicated that you are trying to set up a forest trust. Forest trusts are supported in 2003 and later native mode. You need to go back to your AD domain(s) and make sure they are at the forest functional level to support forest trusts. Once you get the error, and are prompted about kerberos v5, cancel it. Continuing on that is not going to help. Sounds like a functional level problem. Guides and tutorials, visit ITGeared.com. Why did it work when we tried to create trust with the one domain with .LOCAL and the others fail that are .COM?

Did you check to see if the forest with the .local extention was at the appropriate forest functional level? I suspect that this one is, but the others are not. Please go back and verify this. Guides and tutorials, visit ITGeared.com.

Did you check to see if the forest with the .local extention was at the appropriate forest functional level? I suspect that this one is, but the others are not. Please go back and verify this. Guides and tutorials, visit ITGeared.com. Yup just checked them all they are at the highest level and all using 2008 R2. Even checked the two domains that trust is already on the cardealership1.com and mon.local

I have around 15 doamins all have a different NETBIOS name but when I try to create trust i get an error saying it could not be completed on this domain. I have set the conditional forwarders on each domain for all the other domains already the only domain that i can get to gain trust is the one with .LOCAL all the others are cardealership1.com and cardealership2.com and so on they are all using .com and not .LOCAL. Checked and the SID is different on all of them.. any thoughts?

Prior to trying to establish the trusts, you have validated that DNS name resolution is working as you expected? Try to resolve each others SRV records. Guides and tutorials, visit ITGeared.com.

Prior to trying to establish the trusts, you have validated that DNS name resolution is working as you expected? Try to resolve each others SRV records. Yeah, could do a NSLOOKUP to make sure the forwards were working and i can ping. Guides and tutorials, visit ITGeared.com.

you mentioned NetBIOS names. However, when creating the trust you are unable to create the trust via the FQDN?Guides and tutorials, visit ITGeared.com.

you mentioned NetBIOS names. However, when creating the trust you are unable to create the trust via the FQDN? Guides and tutorials, visit ITGeared.com. When I go to New Trust I put in ODC-name.domain.com it says "The name you specified is not a valid Windows domain. Is the specified name a Kerberos V5 realm?" If I select "Trust with a Windows Domain" and use the ODC-name.domain.com it fails and says domain does not exist. But if i put in just domain.com it finds it and asks me how I want to setup the trust but in the end fails with "Cannot be performed on this domain" This domain: cardealership1.com Specified domain: cardealership2.com Direction: Two-way: Users in the local domain can authenticate in the specified domain and users in the specified domain can authenticate in the local domain. Trust type: Forest trust Transitive: Yes Outgoing trust authentication level: Forest-wide authentication in local and specified forests. Sides of trust: Create the trust for both this domain and the specified domain.

Ok, so when you are trying to set up the domain, you would only specify the "domain.com", not the FQDN of a DC in the other domain. You indicated that you are trying to set up a forest trust. Forest trusts are supported in 2003 and later native mode. You need to go back to your AD domain(s) and make sure they are at the forest functional level to support forest trusts. Once you get the error, and are prompted about kerberos v5, cancel it. Continuing on that is not going to help. Sounds like a functional level problem. Guides and tutorials, visit ITGeared.com.

Hi, If there are two domains in two forests, you need to configure the DNS Server for communication between domains, you have three options to provide cross-forest name resolution below: l conditional forwarders l secondary zones l stub zones After that, you need to create a forest trust manually. For more information, please read: Checklist: Creating a forest trust from the following link: http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx For more information about accessing resources across domains, please refer to the following link: http://technet.microsoft.com/en-us/library/cc787646(WS.10).aspx Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.