none
how i make trust between tow domains in different forests RRS feed

すべての返信

  • Create an External trust in each domain if you want to have a two-way trust. External is the only trust method that allows you to trust a single domain in a forest without trusting the whole forest.
    2019年9月19日 19:38
  • Hello,

    Thank you for posting in our forum.

    According to your description, we want to create a relationship between two domains in different forests.

    Based on my experience, we can create one External trust.

    First we need to set up a secondary zone or conditional forwarder.

    1.if we need set up a Secondary Zone, we can do the following steps:

    We have a domain: sun .local, DC IP:192.168.2.50;
     and have another domain: moon .local,DC IP:192.168.3.5.

    (1)On the DC in the domain: sun. local, open DNS Manager ,right-click ”Forward Lookup Zones”, and select” New Zone”. 


     
    (2)select “Secondary Zone”,Next.

     
    (3)Type another domain name(moon.local),Next.


     
    (4)Type another domain’s DC IP(192.168.3.5)


     

    We should do the same steps on DC in another domain.


    2.if we set up a Conditional Forwarders on DC in domain “sun.local”,
    (1)right-click “Conditional Forwarders”, select ”New Conditional Forwarders” .
    DNS Domian: MOON.LOCAL

    IP Address:192.168.3.5

     
    We should do the same steps on DC in another domain.

    Now we can create External trust.
    1.open “active directory domain and trust”, right-click ”sun.local” and select “Properties”. 
     

    2.select “Trusts” in the tab ”New Trust”.

     


    More information about create trust relationship, please refer to the following article: Create a two-way, external trust for both sides of the trust



    Hope above information can help you. If there is anything else we can do for you, please feel free to post in the forum.


    Best regards,
    Cynthia 

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年9月20日 9:54
  • http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

    http://technet.microsoft.com/en-us/library/cc740018(WS.10).aspx

    To create a forest trust

    1. Open Active Directory Domains and Trusts.
    2. In the console tree, right-click the domain node for the forest root domain, and then click Properties.
    3. On the Trust tab, click New Trust, and then click Next.
    4. On the Trust Name page, type the DNS name (or NetBIOS name) of another forest, and then click Next.
    5. On the Trust Type page, click Forest trust, and then click Next.
    6. On the Direction of Trust page, do one of the following:

      • To create a two-way, forest trust, click Two-way.

        Users in this forest and users in the specified forest can access resources in either forest.
      • To create a one-way, incoming forest trust, click One-way:incoming.

        Users in the specified forest will not be able to access any resources in this forest.
      • To create a one-way, outgoing forest trust, click One-way:outgoing.

        Users in this forest will not be able to access any resources in the specified forest.
    7. Continue to follow the wizard

    Below videos might help to you,

    https://www.youtube.com/watch?v=PU1VRU87tnQ

    https://www.youtube.com/watch?v=Bzn6l66Osv0

    2019年9月20日 12:27
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年9月24日 9:01
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.

     

    Best Regards,

    Cynthia


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    2019年9月26日 2:10
  • Hi,

    I am writing here to confirm current situation.

    If the above suggestion are helpful to you, please be kind enough to "mark it as an answer" for helping more people.

    Regards,
    Udara
    2019年10月8日 2:46