Resolution
fact
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
fact
Windows 2003 domain
fact
Windows 2000 SP4
symptom
Error: 'The trust relationship between the primary domain and the trusted domain failed'.
symptom
An error occurs when trying to add a managed domain in Directory and Resource Administrator.
cause
This issue is caused by a new security setting, called SID Filtering, introduced in Windows 2000 SP4 and Windows 2003 when enabling trusts.
fix
To resolve this issue:
- Use an override account for the domain that you wish to add.
- Change the trust to be a two-way trust instead of a one-way trust.
- Turn off SID filtering (not recommended).
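Before choosing one of these options, it helps to confirm the trust's direction and whether SID filtering is set on it. The following is an added example, not part of the original article or of any NetIQ or Microsoft tool. It assumes the trustDirection and trustAttributes values have already been exported from the domain's trustedDomain objects; the function names and sample records are hypothetical.

```python
"""Decode trustedDomain attributes relevant to the SID Filtering fixes above."""
# Flag values from Microsoft's trustDirection / trustAttributes definitions.
DIRECTIONS = {0: "disabled", 1: "one-way (inbound)",
              2: "one-way (outbound)", 3: "two-way"}
QUARANTINED_DOMAIN = 0x04  # SID filtering (quarantine) enabled on this trust
FOREST_TRANSITIVE = 0x08   # forest trust
WITHIN_FOREST = 0x20       # trust to a domain in the same forest


def assess_trust(name, trust_direction, trust_attributes):
    """Return direction, SID filtering state and findings for one trust."""
    if trust_direction not in DIRECTIONS:
        raise ValueError(f"{name}: unknown trustDirection {trust_direction!r}")
    filtered = bool(trust_attributes & QUARANTINED_DOMAIN)
    # Only external trusts are expected to carry the quarantine flag here.
    external = not trust_attributes & (FOREST_TRANSITIVE | WITHIN_FOREST)
    findings = []
    if filtered and trust_direction in (1, 2):
        # The condition this article describes: one-way trust, SID filtering on.
        findings.append("ONE_WAY_FILTERED: use an override account or a two-way trust")
    if external and not filtered and trust_direction != 0:
        # The third fix option is already in effect; the article advises against it.
        findings.append("EXTERNAL_UNFILTERED: SID filtering is off on an external trust")
    return {"name": name, "direction": DIRECTIONS[trust_direction],
            "sid_filtering": filtered, "findings": findings}


# Constructed sample records: (name, trustDirection, trustAttributes).
SAMPLE_TRUSTS = [
    ("PARTNER", 2, 0x04),  # one-way external trust, SID filtering on
    ("LEGACY", 3, 0x00),   # two-way external trust, SID filtering off
    ("CHILD", 3, 0x20),    # intra-forest trust, quarantine flag not expected
]


def audit(trusts=SAMPLE_TRUSTS):
    """Assess every trust record and return the results in input order."""
    return [assess_trust(*record) for record in trusts]


if __name__ == "__main__":
    for result in audit():
        state = "on" if result["sid_filtering"] else "off"
        print(f'{result["name"]}: {result["direction"]}, SID filtering {state}')
        for finding in result["findings"]:
            print(f"  - {finding}")
```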
More information about SID filtering can be found at:
White Paper: Using Security Identifier (SID) Filtering to Prevent Elevation of Privilege Attacks
http://support.microsoft.com/default.aspx?scid=kb;en-us;810757
Microsoft Security Bulletin MS02-001
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-001.asp
Additional Information
Formerly known as NETIQKB34002