I have one domain domain1.local 192.168.15.0 (With Exchange 2003) and a second domain domain2.local 192.168.2.0 . they are connected via a PIX 506E site to site VPN . Both DC's can ping each other. I can connected to both DCs from the other (ie start/run \\192.168.15.1 will bring up the shares on the DC from the other network) . The DNS MMC sees the other DNS server and I can do a "connect to other DNS server" no problem. What I need to do is have a domain trust that allows domain2.local clients to log on to the exchange server and for both sides to be able to access shares on the opposite side. The permissions cannot be "everyone". So I guess I will need both ADs communicating with each other or joined somehow. Any help would be greatly appreciated. Please include links for any DNS manipulation if possible , eg for adding forwarders , stub zones , etc. Any help would be greatly appreciated.