

<Note: The following applies to pre-Win2k domains. A Win2k-only environment doesn't require NetBIOS and uses different IP ports.>

To establish and maintain a trust, the PDC of the trusting domain must be able to locate and establish NetBIOS sessions with the PDC of the trusted domain. To handle pass-through validation, all DCs of the trusting domain must be able to locate and establish NetBIOS sessions with at least one DC from the trusted domain. For this, you will need IP connectivity, NetBIOS connectivity, and NetBIOS name resolution.

NetBIOS name resolution: To locate domain controllers, two names are used:

"domainname<1C>" is a group name. All domain controllers register their IP address under this name for their domain. This name is queried to obtain a list of domain controllers for a particular domain.

"domainname<1B>" is a unique name. Only the PDC registers this name for a given domain. The name can be queried to specifically locate the PDC of a particular domain.

You must provide a means for the domain controllers of the trusting domain to resolve these names. You can do this through either lmhosts or WINS. If you use lmhosts, the entries might look something like:

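DomA_PDC's lmhosts:

    <IP address of DomB_PDC>   DomB_PDC                 #PRE #DOM:DomB
    <IP address of DomB_PDC>   "DomB           \0x1b"   #PRE

DomB_PDC's lmhosts:

    <IP address of DomA_PDC>   DomA_PDC                 #PRE #DOM:DomA
    <IP address of DomA_PDC>   "DomA           \0x1b"   #PRE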
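An lmhosts entry starts with the host's IP address, and in the quoted form the domain name must be padded with spaces to 15 characters so that \0x1b lands as the 16th byte. The following Python sketch is an added example, not part of the original page: it generates the two entries shown above and checks existing lines for collapsed padding. The function names and the 192.0.2.20 address are assumptions made for illustration.

```python
import ipaddress
import re

NAME_LEN = 15  # a NetBIOS name is 16 bytes: 15 name characters plus a type byte

def special_name(domain, suffix):
    """Quoted lmhosts form of domain<suffix>, space-padded so the type byte is 16th."""
    if not 0 < len(domain) <= NAME_LEN:
        raise ValueError("NetBIOS domain names are 1 to 15 characters")
    return '"%s\\0x%02x"' % (domain.ljust(NAME_LEN), suffix)

def trust_entries(pdc_ip, pdc_name, domain):
    """The two lmhosts lines a PDC needs to locate the other domain's PDC."""
    ipaddress.IPv4Address(pdc_ip)  # raises ValueError on a malformed address
    return [
        "%s\t%s\t#PRE #DOM:%s" % (pdc_ip, pdc_name, domain),
        "%s\t%s\t#PRE" % (pdc_ip, special_name(domain, 0x1B)),
    ]

QUOTED = re.compile(r'"([^"]*)\\0x([0-9a-fA-F]{2})"')

def check_line(line):
    """Return the problems found in one lmhosts line; an empty list means it passed."""
    text = line.strip()
    if not text or text.startswith("#"):
        return []  # blank line or comment
    problems = []
    try:
        ipaddress.IPv4Address(text.split()[0])
    except ValueError:
        problems.append("line does not start with an IPv4 address")
    match = QUOTED.search(text)
    if match and len(match.group(1)) != NAME_LEN:
        problems.append("quoted name is %d characters before the type byte, expected %d"
                        % (len(match.group(1)), NAME_LEN))
    if "#PRE" not in text.upper():  # the page's entries are all preloaded
        problems.append("entry is not preloaded (#PRE missing)")
    return problems

# Constructed sample values: 192.0.2.20 is a documentation address, not from the page.
GOOD = trust_entries("192.0.2.20", "DomB_PDC", "DomB")
BAD = '192.0.2.20\t"DomB \\0x1b"\t#PRE'  # padding collapsed to a single space

if __name__ == "__main__":
    for entry in GOOD + [BAD]:
        print(repr(entry), check_line(entry) or "ok")
```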


IP connectivity: The PDCs must be able to route packets to one another. If you are using some form of IP translation between them, the device providing this will need to be able to redirect the appropriate packets to the PDC.

NetBIOS connectivity: With the exception of a Win2k-only network, MS networking functions rely on NetBIOS connections. In a TCP/IP environment, NBT (NetBIOS over TCP/IP) is used to provide this connectivity. Trusts require the use of unicast on all 3 NBT ports (UDP 137, UDP 138, and TCP 139). You will need to ensure that the DCs can connect to each other on these ports.