Raj,

I use the pre-Windows 2000 domain name that AD Users and Computers properties reports. Say my registered domain name is mydomain.com. Then my internal AD domain is internal.mydomain.com. I enter "INTERNAL" into the add trusted box on NT4 Trust Relationships under User Manager for Domains.

The registered external network is mydomain.com, my DNS servers are Linux and have a zone for mydomain.com, the actual NT4 domain has a different name.

I am wondering.... Can an external NT4 domain trust an internal W2K when they are connected by a stand alone W2K Server in an NT4 domain with ISA on it? If so, how?

Thank you all for your assistance. I'm just not grasping how to set up my domains here.

Stephen D. Pidgeon

-----Original Message-----
From: Periyasamy, Raj [mailto:psraj@xxxxxxxxxxxx]
Sent: Monday, January 07, 2002 9:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

http://www.ISAserver.org

Stephen,

When you add the AD domain in your NT 4 trusted domains, did you specify the pre-Windows 2000 domain name or the FQDN such as 2000domain.com?

Regards,
Raj

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: January 06, 2002 7:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

Thank you Tom.

I may have not stated my situation clearly. The ISA Server is a stand alone server in an NT40 domain that is a public subnet. ISA server is a member of the public domain, the private internal domain is W2K AD. When I tried ISA as a workgroup, it would only authenticate local machine accounts. I want ISA to authenticate the accounts that are users of the internal AD domain.

I hope I said this clearly. Thank you for a quick response, but I'm still not clear on this.

Steve

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

Hi Stephen,

You got your trust backwards! You want the ISA Server Windows 2000 domain to trust the NT domain. Otherwise, all heck might break loose :-)

Trusts are very dependent on name resolution. NT uses NetBIOS and Windows 2000 DNS.

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

I have ISA installed on W2KS in firewall mode as a member of an NT4 domain with a public TCP/IP subnet. I have a non-routable subnet behind the ISA Server which is a W2K AD domain. I want users to have authenticated access to the Internet from SecureNAT clients and/or Web Proxy clients.

So, I want a one way trust. The NT4 domain trusts the W2K AD domain. This way ISA will authenticate users in the internal AD domain.

BUT...... When I try to add the internal W2K domain to the trusted domains on the PDC it cannot find the internal W2K AD domain, either before or after ISA is installed. If I think about this, that is as I would expect. How would the NT4 PDC find the W2K AD domain?

BUT... Page 93 of Configuring ISA Server 2000 actually refers to explicit one-way trusts between the ISA Server domain and each of the other individual domains. It also visualizes the situation in figure 2.5.

SO.... What am I missing? Or.... Can this not be done when ISA Server is in an NT 40 domain?

Thank you for your assistance in advance.

Stephen D. Pidgeon