Solved

Setting up a domain trust relationship

Posted on 2008-10-13
Last Modified: 2012-05-05
I need to set up a Windows Server 2003 domain trust between different domains in different forests. I have attempted to configure DNS but I can only ping the domain controller but not the other domain.

- How do I configure DNS to see the other domain?
- Once that is done, what do I need to do to do a two-way trust?
Question by:brjensen
2 Comments

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 20 total points
ID: 22707450
To configure DNS in 2003 to allow name resolution for trusts, you have 3 options:

[1] Create a secondary zone for DomainB on the DNS servers in DomainA, and vice versa.
[2] Configure a conditional forwarder on the DNS servers in DomainA to forward all queries for DomainB to the DNS servers in DomainB, and vice versa.
[3] Create a stub zone in DomainA referencing the DNS servers in DomainB, and vice versa.

Once you have name resolution functioning in both directions, creating a trust is wizard-based and fairly simplistic.

Accepted Solution

by:StrongBad_Rules
StrongBad_Rules earned 30 total points
ID: 22707490
Ensure that Domain Name System (DNS) is properly set up.

If there is a root DNS server that can be made the root DNS server for both of the forest DNS namespaces, make it the root server by ensuring that the root zone contains delegations for each of the DNS namespaces. Also, update the root hints of all DNS servers with the new root DNS server.

If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are running a member of the Windows Server 2003 family, configure DNS conditional forwarders in each DNS namespace to route queries for names in the other namespace.

If there is no shared root DNS server, and the root DNS servers for each forest DNS namespace are not running a member of the Windows Server 2003 family, configure DNS secondary zones in each DNS namespace to route queries for names in the other namespace.
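
The conditional-forwarder option from the answers above, followed by a check that the other domain's domain controller locator SRV records resolve, written as an added example that is not part of either answer. The server name, zone name and IP address are placeholders (assumptions); `dnscmd` ships with the Windows Server 2003 Support Tools.

```bat
@echo off
rem Added example, not from the original thread.
rem Run on a DNS server in DomainA, then run the mirror image in DomainB.
rem Every name and address below is a placeholder (assumption).
setlocal
set LOCAL_DNS=dc1.domaina.example
set REMOTE_ZONE=domainb.example
set REMOTE_DNS_IP=192.0.2.20

rem Option [2]: conditional forwarder for the other forest's namespace.
dnscmd %LOCAL_DNS% /ZoneAdd %REMOTE_ZONE% /Forwarder %REMOTE_DNS_IP%

rem Alternatives (use one zone type only; a secondary zone also requires
rem the remote DNS server to allow zone transfers to this server):
rem   Option [3], stub zone:      dnscmd %LOCAL_DNS% /ZoneAdd %REMOTE_ZONE% /Stub %REMOTE_DNS_IP%
rem   Option [1], secondary zone: dnscmd %LOCAL_DNS% /ZoneAdd %REMOTE_ZONE% /Secondary %REMOTE_DNS_IP%

rem Show what the local DNS server now holds for the remote namespace.
dnscmd %LOCAL_DNS% /ZoneInfo %REMOTE_ZONE%

rem Pinging a domain controller by host name only proves one A record resolves.
rem Trust creation depends on the DC locator SRV records of the other domain,
rem so query those through the local DNS server. The trailing dot stops
rem nslookup from appending local DNS suffixes.
set FAILED=0
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs) do (
    nslookup -type=SRV %%R.%REMOTE_ZONE%. %LOCAL_DNS% 2>nul | find /i "svr hostname" >nul
    if errorlevel 1 (
        echo FAIL: %%R.%REMOTE_ZONE% did not resolve through %LOCAL_DNS%
        set FAILED=1
    ) else (
        echo OK:   %%R.%REMOTE_ZONE%
    )
)

if %FAILED%==1 (
    echo Name resolution is incomplete. Fix DNS before creating the trust.
    exit /b 1
)
echo SRV records resolve. Repeat from DomainB, then create the trust.
```

All three records must report OK from both sides before the trust wizard is run.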
Question has a verified solution.