Skip to main content

Create a Two-Way, Forest Trust for Both Sides of the Trust (For Different Domain Forests)

Applies To: Windows Server 2008, Windows Server 2008 R2
You can this procedure to create both sides of a two-way, forest trust You must have administrative credentials for your forest as well as for the reciprocal forest. If you have administrative credentials only for your forest, you can use the procedure Create a Two-Way, Forest Trust for One Side of the Trust to create your side of the trust. Then, have the administrator for the reciprocal forest create a one-way, outgoing forest trust from his or her forest.
A two-way, forest trust allows users in your forest (the forest that you are logged on to at the time that you run the New Trust Wizard) and users in the reciprocal forest to access resources in any of the domains in either of the two forests.
You can create this forest trust by using the New Trust Wizard in the Active Directory Domains and Trusts snap-in.
Membership in Domain Admins in the forest root domain or Enterprise Admins in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups If you are a member of the Incoming Forest Trust Builders group, you can create one-way, incoming, forest trusts to your forest. For more information about the Incoming Forest Trust Builders group, see How Domain and Forest Trusts Work.

To create a two-way, forest trust for both sides of the trust

  1. Open Active Directory Domains and Trusts.
  2. In the console tree, right-click the domain node for the forest root domain for which you want to establish a trust, and then click Properties.
  3. On the Trusts tab, click New Trust, and then click Next.
  4. On the Trust Name page, type the Domain Name System (DNS) name of the forest root domain of the other forest, and then click Next.
  5. On the Trust Type page, click Forest trust, and then click Next.
  6. On the Direction of Trust page, click Two-way, and then click Next.
    For more information about the selections that are available on the Direction of Trust page, see "Direction of Trust" in Appendix: New Trust Wizard Pages.
  7. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
    For more information about the selections that are available on the Sides of Trust page, see "Sides of Trust" in Appendix: New Trust Wizard Pages.
  8. On the User Name and Password page, type the user name and password for the appropriate administrator in the specified domain.
  9. On the Outgoing Trust Authentication Level--Local Forest page, do one of the following, and then click Next:
    • Click Forest-wide authentication.
    • Click Selective authentication.
  10. On the Outgoing Trust Authentication Level--Specified Forest page, do one of the following, and then click Next:
    • Click Forest-wide authentication.
    • Click Selective authentication.
  11. On the Trust Selections Complete page, review the results, and then click Next.
  12. On the Trust Creation Complete page, review the results, and then click Next.
  13. On the Confirm Outgoing Trust page, do one of the following:
    • If you do not want to confirm this trust, click No, do not confirm the outgoing trust. Note that if you do not confirm the trust at this stage, the secure channel will not be established until the first time the trust is used by users.
    • If you want to confirm this trust, click Yes, confirm the outgoing trust, and then supply the appropriate administrative credentials from the specified domain.
  14. On the Confirm Incoming Trust page, do one of the following:
    • If you do not want to confirm this trust, click No, do not confirm the incoming trust.
    • If you want to confirm this trust, click Yes, confirm the incoming trust, and then supply the appropriate administrative credentials from the specified domain.
  15. On the Completing the New Trust Wizard page, click Finish.

Comments

Post a Comment

Popular posts from this blog

Bridging Ethernet Connections - Ubuntu/Fedora

Installing bridge-utils Adept Search for bridge-utils and choose the drop-down arrow on the left. Choose "request install". Konsole: Enter this into Konsole: sudo apt-get update sudo apt-get install bridge-utils If you use sudo -i and enter your password, then you will not have to use sudo before each command. It may also save you some typing in the future. Setting up the Bridge Ensure that both (or all) of your interfaces are installed and enabled. If they are then you may proceed at this point. For a few moments, if your computer is connected to the internet then it will be disconnected until a certain point is reached. Open Konsole and use the following commands. Note that when interfaces are referenced, they refer to device names assigned by linux such as "eth0" and "eth1". Also note that myBridge is the name of the bridge that you wish to have. This can be anything, but a simple name like bridge0 or bridge1 is s...
Post a Comment
Read more

Microsoft Active Directory

> What Intrasite and Intersite Replication? Intrasite is the replication within the same site & intersite the replication between sites. > What is lost & found folder in ADS? It’s the folder where you can find the objects missed due to conflict. Ex: you created a user in OU which is deleted in other DC & when replication happed ADS didn’t find the OU then it will put that in Lost & Found Folder. > What is Garbage collection? Garbage collection is the process of the online defragmentation of active directory. It happens every 12 Hours. > What System State data contains? Contains Startup files, Registry Com + Registration Database Memory Page file System files AD information Cluster Service information SYSVOL Folder >What is the difference between Windows 2000 Active Directory and Windows 2003 Active Directory? Is there any difference in 2000 Group Polices and 2003 Group Polices? What is meant by ADS and ADS ser...
Post a Comment
Read more

What are the few major differences between 2003,2008 & 2012

2003-IIS 6.0 2008- IIS 7.0 2008R2- IIS-7.5 2012-IIS 8 ---------------------- 2003-32 AND 64 BIT AVAILABLE 2008-32AND 64BIT AVAILABLE 2008R2- ONLY 64BIT AVAILABLE 2012 - ONLY 64 BIT AVAILABLE ------------------------------------------ 2003 KERNAL VER. -5.2 2008 KERNEL-6.0 2008 R2-6.1 2012-6.2 ------------------------------------------ 2003- IE VERSION 6.0 2008- IE VERSION 7.0 2008 R2 IE VERSION 8.0 2012 IE VERSION 10.0 2012 R2 IE VERSION 11.0 ----------------------- 2003- AD ADMINISTRATIVE CENTER NOT AVAILABLE 2008- NOT AVAILABLE 2008 R2- AVAILABLE 2012- AVAILABLE -------------------------------------
Post a Comment
Read more