Unable to Bring Up the User List from a Windows NT 4.0 Trusted Domain on a Windows 2000-Based Server

Article translations Article translations
Article ID: 291684 - View products that this article applies to.
This article was previously published under Q291684
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SUMMARY

When you attempt to add users from a Microsoft Windows NT 4.0 trusted domain to a local group on a Windows 2000-based member server that is a member of a Windows NT 4.0 domain, you may receive the following error message even though Windows NT 4.0-based computers in the same domain are able to bring up the list:
The specified domain does not exist.

MORE INFORMATION

In Windows NT 4.0, member servers that attempt to assign trusted domain entities to shared resources, contact the domain controller with which they have a secure channel to obtain the entity lists of the trusted domain. The domain controller that owns the secure channel in turn contacts a domain controller in the trusted domain for the list of entities. In Windows 2000, this behavior has changed slightly. The initial verification of the domain trust is performed by means of the secure channel (as has been performed in a Windows NT 4.0 environment).

The actual entity list, however, is obtained directly by the Windows 2000-based server that requests the list from the primary domain controller (PDC) of the trusted domain. The Windows 2000-based computer that requests the list of entities must be able to resolve and contact the PDC in the trusted domain. This requirement means that the Windows 2000-based computer must be able to use NetBIOS name resolution to resolve the NetBIOS 0x1B for the trusted domain which points to the PDC. Some methods of NetBIOS name resolution use the Windows Internet Name Service (WINS) and Lmhosts files.

In addition to the name resolution that is required, the correct trust relationship must enable the Windows 2000-based computer to make a computer account-authenticated connection to the PDC of the trusted domain as Windows 2000 cannot create a null session to the trusted domain.

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
163409 NetBIOS Suffixes (16th Character of the NetBIOS Name)
180094 How to Write an Lmhosts File for Domain Validation and Other Name Resolution Issues

Properties

Article ID: 291684 - Last Review: October 23, 2013 - Revision: 3.3
APPLIES TO
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1
Keywords: 
kbnosurvey kbarchive kbinfo kbtrusts KB291684

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com