Solved

How to set up domain trust between Windows 2008 and 2003 server?

Posted on 2008-10-10
Last Modified: 2012-12-06
Can anyone give me step by step instructions how to do this, starting with setting up the DNS all the way through the trust on the Windows 2008 domain?

Here is my scenario:

I have a Windows 2008 Server, domain controller running in 2008 functional level.

Server Name
Server1.domain1.local

I have a Windows 2003 Server, domain controller which is an external domain

Server Name
Server2.domain2.local

I would like to create a trust so that when people log in to their PCs they can select either domain in the drop-down to log in to.
Question by:abrothman
3 Comments
 

Accepted Solution

by:
kavlins earned 500 total points
ID: 22691301

1. Open Active Directory Domains And Trusts from Administrative Tools.

2. In the console tree pane, select and right-click the domain node for the forest root for which you want to create a trust.

3. Select Properties.

4. Select the Trusts tab in the Properties dialog box.
 
5. Click New Trust and click Next (skip the Welcome screen).

6. On the Trust Name page, enter the DNS name of the target domain for your trust (for our example, it is Cogswellcogs.com) and click Next.

7. Select Forest Trust on the Trust Type page and click Next. (If the Forest Trust option is missing, you may have omitted one of the prerequisites. In that case, double-check the DNS Forwarders tab and the forest functional level of all the domains in both forests.)

8. Choose a direction for the trust relationship: Two-Way, One-Way Incoming, or One-Way Outgoing. Two-Way: All users in both forests will be able to access all resources in both forests. One-Way Incoming: All users in this forest will be able to access all resources in the other forest but not vice versa. One-Way Outgoing: All users in the target forest will be able to access all resources in this forest but not vice versa.

After you've chosen, click Next.

9. Resource access is still governed by permissions in the domain where the resource exists. The trust direction provides access to all resources where permissions allow access. Select the sides of the trust relationship: This Domain Only or Both This Domain And The Target Domain. This Domain Only: Creates the trust relationship in this domain only; an administrator on the other end will have to complete the other trust. Both This Domain And The Target Domain: Requires sufficient access in the remote domain and will allow you to complete the trust setup.

10. Select the appropriate path, depending on the choices you made in the previous two steps. If you chose Two-Way or One-Way Outgoing in step 8 and This Domain Only in step 9, you will need to select a trust authentication level. Domain-Wide Authentication will authenticate all users in the remote forest for all resources in the local forest. Choosing Selective Authentication will allow you to specify which users in the remote domain have access to local resources. Click Next. Enter a password for the trust and click Next. If you chose One-Way Incoming in step 8 and This Domain Only in step 9, enter the password for the trust in the Trust Password and Confirm Password boxes. Click Next. If you selected both domains (this domain and the selected domain) in step 9, a username and password box will appear to allow you to enter the username and password of an administrator account in the target forest. Click Next.

11. On the next screen, verify all of your selections. When you click Next, the wizard creates the trust. Verify the settings of the new trust.

12. Confirm the outgoing trust. Select Yes if you created both sides of the trust; select No if you did not.

13. Click Finish in the Creating The Trust wizard.

The new trust will appear on the Trusts tab in the Properties dialog box for the domain.
 

Author Closing Comment

by:abrothman
ID: 31505215
Thank you for the steps for creating this.
 

Expert Comment

by:Eprs_Admin
ID: 26293087
Hello,

This description is not complete.
Can you please tell me in detail what I have to do in the DNS on both sides and how to set up the trust?
I cannot set up the trust now because no FOREST TRUST is available.

I think I have to do some DNS settings, but the description for the DNS is not complete; sometimes they write zone and sometimes SECONDARY ZONE. Can you please be more detailed?

What exactly is there to do in the DNS? This is the info I got:

Okay. I made the assumption that the DNS servers are the Domain Controllers. I also assumed good connectivity between the DNS servers. We will call SERVERA the Domain Controller from ABC.com and Server1 from the 123.com domain. Here are the DNS steps that you could use:

   1. On Server1 log on and access DNS.
   2. Right Click on the zone 123.com and click properties.
   3. Go to the transfers section and configure the server to allow zone transfers to the SERVERA IP address.
   4. On SERVERA log on and access DNS.
   5. Right click on the zone ABC.com and click properties.
   6. Go to the transfers section and configure the server to allow zone transfer to the Server1 IP Address.
   7. Still on SERVERA, create a SECONDARY zone called 123.com.
   8. Indicate that the Master server for the 123.com zone is Server1.
   9. On Server1, create a zone called ABC.com.
  10. Indicate that the Master server for the ABC.com zone is SERVERA.
  11. Check that the Zones are correctly populated by accepting your changes and then double-clicking on the new zone.

You are now ready to set up the trust.
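
A check for the DNS prerequisite described in the comment above, followed by the post-wizard verification of the trust from the accepted solution. This is an added PowerShell example, not part of the thread. The server and domain names are the asker's, the IP addresses are placeholders, and it assumes `nslookup`, `nltest` and `netdom` are installed on the machine where it runs.

```powershell
# Added example, not from the thread. Server and domain names are the asker's;
# the IP addresses are placeholders to replace with the real DNS server addresses.
$dnsServers = @{ 'Server1' = '192.0.2.10'; 'Server2' = '192.0.2.20' }
$domains    = 'domain1.local', 'domain2.local'

function Get-DcSrvTargets {
    param([string]$Domain, [string]$DnsServer)
    # SRV record that domain controllers register so clients can locate them.
    $query = "_ldap._tcp.dc._msdcs.$Domain"
    $lines = & nslookup.exe '-type=SRV' $query $DnsServer 2>&1 | ForEach-Object { "$_" }
    # nslookup prints one "svr hostname = <fqdn>" line per SRV target.
    $lines | ForEach-Object {
        if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
    }
}

# Each DNS server must be able to locate a domain controller for BOTH domains.
$dnsReady = $true
foreach ($server in $dnsServers.Keys) {
    foreach ($domain in $domains) {
        $targets = @(Get-DcSrvTargets -Domain $domain -DnsServer $dnsServers[$server])
        if ($targets.Count -eq 0) {
            $dnsReady = $false
            Write-Warning "$server cannot locate a domain controller for $domain"
        } else {
            Write-Output "$server resolves $domain -> $($targets -join ', ')"
        }
    }
}

if (-not $dnsReady) {
    Write-Warning 'Fix the DNS zones before running the New Trust wizard.'
    return
}

# Run the rest only after the wizard has finished; both commands report an
# error until the trust exists.
# List the trusts known to the domain this machine belongs to.
& nltest.exe /domain_trusts
# Verify the trust where domain1.local is the trusting domain and
# domain2.local is the trusted domain.
& netdom.exe trust domain1.local /domain:domain2.local /verify
```

For a two-way trust, repeat the `netdom` line with the two domain names swapped to verify the other direction.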