Directory and Resource Administrator 6.x
Directory and Resource Administrator 7.x
Windows 2003 domain
Windows 2000 SP4
Error: 'The trust relationship between the primary domain and the trusted domain failed'.
An error occurs when trying to add a managed domain in Directory and Resource Administrator.
The cause of this issue is due to a new security setting, called SID Filtering, introduced in Windows 2000 SP4 and 2003 when enabling trusts .
To resolve this issue:
- Use an override account for the domain that you wish to add.
- Change the trust to be a two way trust instead of a one way trust.
- Turn off SID filtering (not recommended).
More information about SID filtering can be found at:
White Paper: Using Security Identifier (SID) Filtering to Prevent Elevation of Privilege Attacks
Microsoft Security Bulletin MS02-001