Trust domain with multiple domains in different forests

    Question

  • We have one central domain in one forest (ABC.COM) and multiple domains in multiple forests on sites.

    We need to manage (complete administration) all the site domains from the ABC.COM domain, and DNS from the central domain.

    What is the best way to achieve this?

    --------------------------------------------------------------------------------------------------------

    I have tried a one-way trust from ABC.COM to the other domain and configured zone transfer, but I am unable to resolve IPs of the other domains through forwarders or conditional forwarders, with the error "the server with this ip is not authoritative for the required zone".

    Monday, March 13, 2017 8:32 PM

All replies

  • By complete administration, do you mean that you will use a user account from the ABC.COM domain to manage all other domains (AD, DNS, DHCP...)?

    If that is what you want to achieve, you will need to create a trust between all domains and your ABC.COM domain. This will require DNS resolution. Conditional forwarding is my first choice, but it requires using the FQDN of the other domain's resources (no big deal for me).

    Then you will need to add your user from the ABC.COM domain to a Global or Universal group and make this group a member of a group in the other domain (a Local group of the other domain), such as DNS Administrators, DHCP Administrators...


    This posting is provided AS IS without warranty of any kind

    Tuesday, March 14, 2017 12:32 AM
  • Hi,

    As mentioned above, I suggest you try configuring conditional forwarding for creating the trust.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 14, 2017 2:14 PM
    Moderator
  • Thanks,

    I want a trust to manage all domains from ABC.COM, not vice versa.

    I can ping and resolve to and from the domains.

    I can add ABC.COM as a conditional forwarder in the other domains, but I am unable to create a conditional forwarder in ABC.COM (error attached).


    Wednesday, March 15, 2017 6:05 AM
  • Hi,

    I would also like to suggest opening the required AD ports between those domains.

    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

    Determine that the domain is pingable from the ABC.com domain.


    Aliyani Sabrey http://netoverme.wordpress.com

    Wednesday, March 15, 2017 6:34 AM
  • Hi,

    I encountered a similar issue, and the error could be ignored when creating the conditional forwarder.

    It will not affect DNS resolution of the domain name and IP address.

    Best Regards,

    Jay




    Wednesday, March 15, 2017 7:20 AM
    Moderator
  • Hi,

    Are there any updates?

    Best Regards,

    Jay



    Sunday, March 19, 2017 2:10 PM
    Moderator
  • Also, if you have multiple DCs and all of them will use the same forwarders for this specific domain, you could check the "Store this conditional forwarder in Active Directory, and replicate it as follows" box. By doing so, all DCs in your domain or forest (depending on what you select) will have this information.



    Sunday, March 19, 2017 2:29 PM
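
Added example (not part of any reply in this thread): a PowerShell version of the conditional-forwarder setup discussed above, run elevated on a DNS server in ABC.COM. It checks that the target servers answer for the zone before forwarding to them, stores the forwarder in Active Directory, and verifies resolution afterwards. The site domain name `site1.example` and the addresses `192.0.2.10` and `192.0.2.11` are placeholder assumptions.

```powershell
# Added example, not from the thread. Run elevated on a DNS server in ABC.COM.
# Assumed placeholders: the site domain name and its DNS server addresses.
$SiteZone   = 'site1.example'
$SiteDnsIPs = @('192.0.2.10', '192.0.2.11')

# 1. Ask each target directly, without recursion, for the zone's SOA record.
#    A server that returns no SOA answer is not answering for the zone itself.
$authoritative = foreach ($ip in $SiteDnsIPs) {
    try {
        $soa = Resolve-DnsName -Name $SiteZone -Type SOA -Server $ip `
                   -DnsOnly -NoRecursion -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SOA' -and $_.Section -eq 'Answer' }
        if ($soa) { $ip } else { Write-Warning "$ip returned no SOA for $SiteZone" }
    } catch {
        Write-Warning "$ip did not answer for ${SiteZone}: $($_.Exception.Message)"
    }
}
if (-not $authoritative) { throw "No authoritative DNS server found for $SiteZone" }

# 2. A zone of the same name (for example a secondary zone left over from a
#    zone-transfer attempt) blocks creation of the forwarder, so report it.
$existing = Get-DnsServerZone -Name $SiteZone -ErrorAction SilentlyContinue
if ($existing -and $existing.ZoneType -ne 'Forwarder') {
    throw "$SiteZone already exists here as a $($existing.ZoneType) zone"
}

# 3. Create the forwarder in Active Directory so every DNS server in the forest
#    receives it (the "Store this conditional forwarder in Active Directory" box).
if (-not $existing) {
    Add-DnsServerConditionalForwarderZone -Name $SiteZone `
        -MasterServers $authoritative -ReplicationScope 'Forest'
}

# 4. Confirm the local server now resolves the site domain's DC locator record,
#    which trust creation and cross-domain administration depend on.
Clear-DnsServerCache -Force
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$SiteZone" -Type SRV `
    -Server '127.0.0.1' -DnsOnly |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, NameTarget, Port
```

Use `-ReplicationScope 'Domain'` instead of `'Forest'` to limit replication to DNS servers in the ABC.COM domain.
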
  • Hi,

    If the above reply has resolved your problem, please mark it as the answer, as it would be helpful to anyone who encounters a similar issue.

    Thank you.

    Best Regards,

    Jay



    Thursday, March 23, 2017 11:56 AM
    Moderator