Creating an Active Directory Trust between two domains

  • Question

  • Hi

    I am trying to setup an active directory trust between two domains.

    For example

    Domain one is named - intranet.joebloggs.com - Net Bios Name - JBG - Windows Server 2012 R2 - Operating System - Windows Server 2012 R2 - 

    Domain two is named - joebloggs.com - Net Bios Name is the same as domain one - JBG - Operating System - Windows Server 2008 R2

    Domain functional level and forest functional level are the same on both and are set to Windows Server 2008 R2.

    The goal is that users with their Active Directory credentials from domain one can log into and authenticate with services on Domain two.

    Can anyone explain step by step how I can achieve this and what options I need to take step by step.

    I did read somewhere that net bios names cannot be the same when setting up trusts so would like to rule that out before any further time is spent on this?

    Advice appreciated.

    metasam


    Tuesday, June 6, 2017 10:15 AM

All replies

  • Hi metasam,

    Yes, it is not available to assign the same netbios name. We could use the DNS name.
    To create a forest trust:

    1. Open Active Directory Domains and Trusts.
    2. In the console tree, right-click the domain node for the forest root domain, and then click Properties.
    3. On the Trust tab, click New Trust, and then click Next.
    4. On the Trust Name page, type the DNS name (or NetBIOS name) of another forest, and then click Next.
    5. On the Trust Type page, click Forest trust, and then click Next.
    6. On the Direction of Trust page, do one of the following (for your purpose, you should choose the "one-way"):

       a. To create a two-way, forest trust, click Two-way.
          Users in this forest and users in the specified forest can access resources in either forest.
       b. To create a one-way, incoming forest trust, click One-way: incoming.
          Users in the specified forest will not be able to access any resources in this forest.
       c. To create a one-way, outgoing forest trust, click One-way: outgoing.
          Users in this forest will not be able to access any resources in the specified forest.

    7. Continue to follow the wizard.
     

    Best regards


    Wednesday, June 7, 2017 7:01 AM
  • Hi

    Thanks for your feedback.

    Are there any particular permissions that need to be applied?

    If so what do I need to do?

    Best

    metasam

    Thursday, July 27, 2017 8:57 AM
  • It doesn't work that simple way.

    Says - the name you specified is not a valid windows domain name. And it goes nowhere.

    If I check and recheck the name and spelling - it's OK, domain exists and works fine.

    So maybe it's not as simple as it seems to you?

    Thursday, January 24, 2019 9:16 AM
  • Do we need to open ports in external firewall to do it?

    Which ports should be opened?

    Thanks,

    Monday, March 4, 2019 7:19 AM
  • Make sure you have DNS set up correctly.  Follow this guide:

    https://petri.com/configure-dns-enable-trust-two-active-directory-forests

    Monday, August 3, 2020 1:28 PM
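
The two preconditions raised in this thread (distinct NetBIOS names, and DNS resolution of the other domain) can be checked before opening the New Trust wizard. The script below is an added example, not part of any reply above; it assumes the ActiveDirectory and DnsClient PowerShell modules (Windows Server 2012 or later), AD Web Services reachable on the remote domain controller, and an account in the remote domain that can read it. The variable names are illustrative and `joebloggs.com` is the example name from the question.

```powershell
# Added example: pre-flight checks to run on a DC in the local forest
# before opening the New Trust wizard.
# Assumptions: ActiveDirectory and DnsClient modules (Windows Server 2012+),
# AD Web Services reachable on the remote DC, and a read-only account there.
Import-Module ActiveDirectory

$RemoteDomain = 'joebloggs.com'          # example name from the thread
$RemoteCred   = Get-Credential -Message "Account in $RemoteDomain"
$problems     = @()

# 1. DNS: can this side find the remote domain's DC locator SRV records?
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
$srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'SRV' })

if ($srv.Count -eq 0) {
    $problems += "DNS: no SRV records for $srvName. Add a conditional forwarder or stub zone for $RemoteDomain."
}
else {
    # 2. NetBIOS: the two domains must not share a NetBIOS name.
    $remoteDc = $srv[0].NameTarget
    try {
        $local  = Get-ADDomain -ErrorAction Stop
        $remote = Get-ADDomain -Identity $RemoteDomain -Server $remoteDc `
                               -Credential $RemoteCred -ErrorAction Stop
        if ($local.NetBIOSName -eq $remote.NetBIOSName) {
            $problems += "NetBIOS: both domains use '$($local.NetBIOSName)'."
        }
    }
    catch {
        $problems += "Could not query $($remoteDc): $($_.Exception.Message)"
    }
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "DNS and NetBIOS checks passed for $RemoteDomain." }
```

Run the DNS check from both sides, since each domain has to resolve the other.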