Question

How to setup domain trust between Windows 2008 and 2003 server??

Asked by: abrothman

Can anyone give me step by step instructions how to do this, starting with setting up the DNS all the way through the trust on the Windows 2008 domain?

Here is my senario,

I have a Windows 2008 Server, domain controller running in 2008 functional level.

Server Name
Server1.domain1.local

I have a Windows 2003 Server, domain controller which is an external domain

Server Name
Server2.domain2.local

I would like to create a trust when people login to their PC's they can select either domain in the drop down to login too.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-10-10 at 15:09:15ID23805633
Tags

Microsoft

,

Windows

,

2008

Topics

Active Directory

,

Windows 2003 Server

,

Windows Server 2008

Participating Experts
2
Points
500
Comments
3

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Trusting Domains
    I am trying to trust our domain with our child company. When the Network Admin at our child company trusted my domain it goes through with no problems. On the other hand when I in turn try to trust him domain it gives me the error "Domain cannot be contacted". Any i...
  2. Domain Trusts
    I have many subnets and in each subnet is a primary standalone domain controller performing a specific function. There has now come a time where i want users to beable to access resources on another domains controllers via the different subnets that I have. My problem is th...
  3. Domain Trust
    I am trying to add a trust between 2 servers and when I try to verify the connection to another trust and I keep getting the same error, They can ping each other, so they can communicate. I can brows to the root of the domain view the computers but cannot connect to any indv...
  4. Trusting Domains
    I have two domains running on the same network, one domain called LCA is running a windows 2000 server box and the other called LCA-INC.com is running on a 2003 server box. Both systems have there own dns and wins servers running. I currently having trouble with both domain...
  5. Domain Trusts
    I have running Windows 2000 Domain_A that located in Forest_1. I created new Windows 2003 Domain_B that is located in new Forest_2. I need to established trust relationship between Domain_A and Domain_B. Then Using ADMT 2.0 Migrate Users and computers from Domain_A to Domain...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: kavlinsPosted on 2008-10-10 at 15:43:18ID: 22691301


1. Open Active Directory Domains And Trusts from Administrative Tools.

2. In the console tree pane, select and right-click the domain node for the forest root for which you want to create a trust.

3. Select Properties.

4. Select the Trusts tab in the Properties dialog box.
 
5. Click New Trust and click Next (skip the Welcome screen).

6. On the Trust Name page, enter the DNS name of the target domain for your trust (for our example, it is Cogswellcogs.com) and click Next.

7. Select Forest Trust on the Trust Type page and click Next. (If the Forest Trust option is missing, you may have omitted one of the prerequisites. In that case, double-check the DNS Forwarders tab and the forest functional level of all the domains in both forests.)

8. Choose a direction for the trust relationship: Two-Way, One-Way Incoming, or One-Way Outgoing. Two-Way: All users in both forests will be able to access all resources in both forests. One-Way Incoming: All users in this forest will be able to access all resources in the other forest but not vice versa. One-Way Outgoing: All users in the target forest will be able to access all resources in this forest but not vice versa.

After youve chosen, click Next.

9. Resource access is still governed by permissions in the domain where the resource exists. The trust direction provides access to all resources where permissions allow access. Select the sides of the trust relationship: This Domain Only or Both This Domain And The Target Domain. This Domain Only: Creates the trust relationship in this domain only; an administrator on the other end will have to complete the other trust. Both This Domain And The Target Domain: Requires sufficient access in the remote domain and will allow you to complete the trust setup.

10. Select the appropriate path, depending on the choices you made in the previous two steps. If you chose Two-Way or One-Way Outgoing in step 8 and This Domain Only in step 9, you will need to select a trust authentication level. Domain-Wide Authentication will authenticate all users in the remote forest for all resources in the local forest. Choosing Selective Authentication will allow you to specify which users in the remote domain have access to local resources. Click Next. Enter a password for the trust and click Next. If you chose One-Way Incoming in step 8 and This Domain Only in step 9, enter the password for the trust in the Trust Password and Confirm Password boxes. Click Next. If you selected both domains (this domain and the selected domain) in step 9, a username and password box will appear to allow you to enter the username and password of an administrator account in the target forest. Click Next.

11. On the next screen, verify all of your selections. When you click Next, the wizard creates the trust. Verify the settings of the new trust.

12. Confirm the outgoing trust. Select Yes if you created both sides of the trust; select No if you did not.

13. Click Finish in the Creating The Trust wizard.

The new trust will appear on the Trusts tab in the Properties dialog box for the domain

 

by: abrothmanPosted on 2008-10-17 at 12:36:33ID: 31505215

Thank you for the steps for creating this.

 

by: Eprs_AdminPosted on 2010-01-12 at 06:23:17ID: 26293087

Hello,

this description is not complete.
Please can you tell me detailed what I have to do on the DNS on both sides and how to setup the trust ?
I cannot setup the trust now because no FOREST TRUST is available.

I think I have to do some DNS settings, but the description for the DNS is not complete, sometimes they write zone and sometimes SECONDARY ZONE. Please can you be more detailed ?

what exactly is to do in the dns ? this info I got.

Okay. I made the assumption that the DNS servers are the Domain Controllers. I also assumed good connectivity between the DNS severs. We will call SERVERA the Domain Controller from ABC.com and Server1 from the 123.com domain. Here are the DNS steps that you could use:

   1. On Server1 log on and access DNS.
   2. Right Click on the zone 123.com and click properties.
   3. Got to the transfers section and configure the server to allow zone transfers to the SERVERA IP address.
   4. On SERVERA log on and access DNS.
   5. Right click on the zone ABC.com and click properties.
   6. Go to the transfers section and configure the server to allow zone transfer to the Server1 IP Address.
   7. Still on SERVERA, create a SECONDARY zone called 123.com.
   8. Indicate that the Master server for the 123.com zone it Server1.
   9. On Server1, create a zone called ABC.com.
  10. Indicate that the Master server for the ABC.com zone is SERVERA.
  11. Check that the Zones are correctly populated by accepting your changes and then double-clicking on the new zone.

You are now ready to set up the trust.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...