We are moving from an NT domain to an AD. We are not upgrading the NT
Domain. We built a new AD and have been transferring users and groups via
ADMT out of the old into the new. At first the trust worked fine. But, we
had a login problem in the AD that was caused by a UDP transmission problem
involving the LDAP port (389). We applied a workaround by setting the
MaxPacketSize on Kerberos UDP transmissions to 1, thus forcing it to use TCP
communications. That fixed our login problem. The fix is from
http://support.microsoft.com/default...b;en-us;244474. But, since
then our trust has partially stopped working. ADMT cannot find the domain
controller in the old network anymore. In fact, the DCs on either side
report that they can't communicate with each other. However, I can still
log in to one domain and share resources in the other. When I try to verify
the trust in Active Directory Domains and Trusts, I get an error message
saying that it can't find the domain controller in my old network. But, I
can ping it by name just fine. Nslookup works fine as well. Could the UDP
packet size fix be at the bottom of my communication problem between domain
controllers in the separate domains? Are at least some of the communications
between the trusting domain's DCs done via 389/udp? If not, what could
cause a trust to stop working correctly? BTW: I've double checked the setup
that I got from Microsoft's website to initially set the trust
http://support.microsoft.com/default...b;en-us;306733. It's still
set up as it's described in the article.