
Server 2008 Trust

We've created a domain (Server 2008 R2) and would like to be able to use our credentials from the Windows 2003 domain. I have created the trust and have validated the trust on both domains. However, we still cannot authenticate on the Server 2008 domain.

1. We create an outgoing trust on Windows Server 2003 to Server 2008, correct?

2. Will this allow us to use Windows 2003 domain as login credentials?

3. We want an outgoing one-way trust to Server 2008?

4. The Windows 2003 domain is actually two: az.local & webxxx.com (should I just use the az?)

Please let me know if there is anything I've missed. Will Server 2008 allow this?

AZ_SysAd
Asked:
1 Solution
 
Tripyre Commented:


http://technet.microsoft.com/en-us/library/cc816731(WS.10).aspx
Create a One-Way, Incoming, Forest Trust for One Side of the Trust
Updated: August 8, 2008

You can use this procedure to create one side of a one-way, incoming, forest trust. Although one side of a trust will be created successfully, the new trust will not function until the administrator for the reciprocal forest uses his or her credentials to create the outgoing side of the trust. If you have administrative credentials for both forests that are involved in the trust, you can use the procedure Create a One-Way, Incoming, Forest Trust for Both Sides of the Trust to create both sides of the trust in one simultaneous operation.

A one-way, incoming, forest trust allows users in your Windows Server 2008 forest or Windows Server 2003 forest (the forest that you are logged on to at the time that you run the New Trust Wizard) to access resources in another Windows Server 2008 forest or Windows Server 2003 forest. For example, if you are the administrator of the wingtiptoys.com forest and users in that forest need to access resources in the tailspintoys.com forest, you can use this procedure to establish one side of the relationship so that users in your forest can access resources in any of the domains that make up the tailspintoys.com forest.

You can create this forest trust by using the New Trust Wizard in the Active Directory Domains and Trusts snap-in or by using the Netdom command-line tool. For more information about how to use the Netdom command-line tool to create a forest trust, see Netdom Overview (http://go.microsoft.com/fwlink/?LinkId=111537).

Membership in Domain Admins in the forest root domain or Enterprise Admins in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477. If you are a member of the Incoming Forest Trust Builders group, you can create one-way, incoming, forest trusts to your forest. For more information about the Incoming Forest Trust Builders group, see How Domain and Forest Trusts Work (http://go.microsoft.com/fwlink/?LinkID=111481).

To create a one-way, incoming, forest trust for one side of the trust
1. Open Active Directory Domains and Trusts.

2. In the console tree, right-click the domain node for the forest root domain of the forest for which you want to establish an incoming forest trust, and then click Properties.

3. On the Trusts tab, click New Trust, and then click Next.

4. On the Trust Name page, type the Domain Name System (DNS) name of the forest root domain of the other forest, and then click Next.

5. On the Trust Type page, click Forest trust, and then click Next.

6. On the Direction of Trust page, click One-way: incoming, and then click Next.

   For more information about the selections that are available on the Direction of Trust page, see "Direction of Trust" in Appendix: New Trust Wizard Pages.

7. On the Sides of Trust page, click This domain only, and then click Next.

   For more information about the selections that are available on the Sides of Trust page, see "Sides of Trust" in Appendix: New Trust Wizard Pages.

8. On the Trust Password page, type the trust password twice, and then click Next.

9. On the Trust Selections Complete page, review the results, and then click Next.

10. On the Trust Creation Complete page, review the results, and then click Next.

11. On the Confirm Incoming Trust page, do one of the following:

   If you do not want to confirm this trust, click No, do not confirm the incoming trust.

   If you want to confirm this trust, click Yes, confirm the incoming trust, and then supply the appropriate administrative credentials from the specified domain.

12. On the Completing the New Trust Wizard page, click Finish.

Create a One-Way, Incoming, Forest Trust for Both Sides of the Trust
Updated: August 8, 2008

You can use this procedure to create both sides of a one-way, incoming, forest trust. You must have administrative credentials for your forest as well as for the reciprocal forest. If you have administrative credentials only for your forest, you can use the procedure Create a One-Way, Incoming, Forest Trust for One Side of the Trust to create your side of the trust. Then, have the administrator for the reciprocal forest create a one-way, outgoing forest trust from his or her domain.

A one-way, incoming, forest trust allows users in your Windows Server 2008 forest or Windows Server 2003 forest (the forest that you are logged on to at the time that you run the New Trust Wizard) to access resources in another Windows Server 2008 forest or Windows Server 2003 forest. For example, if you are the administrator of the wingtiptoys.com forest and users in that forest need to access resources in the tailspintoys.com forest, you can use this procedure to establish one side of the relationship so that users in your forest can access resources in any of the domains that make up the tailspintoys.com forest.

You can create this forest trust by using the New Trust Wizard in the Active Directory Domains and Trusts snap-in or by using the Netdom command-line tool. For more information about using the Netdom command-line tool to create a forest trust, see Netdom Overview (http://go.microsoft.com/fwlink/?LinkId=111537).

Membership in Domain Admins in the forest root domain or Enterprise Admins in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477. If you are a member of the Incoming Forest Trust Builders group, you can create one-way, incoming, forest trusts to your forest. For more information about the Incoming Forest Trust Builders group, see How Domain and Forest Trusts Work (http://go.microsoft.com/fwlink/?LinkID=111481).

http://technet.microsoft.com/en-us/library/cc816875(WS.10).aspx
To create a one-way, incoming, forest trust for both sides of the trust
1. Open Active Directory Domains and Trusts.

2. In the console tree, right-click the forest root domain of the forest for which you want to establish an incoming forest trust, and then click Properties.

3. On the Trusts tab, click New Trust, and then click Next.

4. On the Trust Name page, type the Domain Name System (DNS) name of the forest root domain of the other forest, and then click Next.

5. On the Trust Type page, click Forest trust, and then click Next.

6. On the Direction of Trust page, click One-way: incoming, and then click Next.

   For more information about the selections that are available on the Direction of Trust page, see "Direction of Trust" in Appendix: New Trust Wizard Pages.

7. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.

   For more information about the selections that are available on the Sides of Trust page, see "Sides of Trust" in Appendix: New Trust Wizard Pages.

8. On the User Name and Password page, type the user name and password for the appropriate administrator in the specified domain.

9. On the Outgoing Trust Authentication Level--Specified Forest page, do one of the following, and then click Next:

   Click Forest-wide authentication.

   Click Selective authentication.

10. On the Trust Selections Complete page, review the results, and then click Next.

11. On the Trust Creation Complete page, review the results, and then click Next.

12. On the Confirm Incoming Trust page, do one of the following:

   If you do not want to confirm this trust, click No, do not confirm the incoming trust.

   If you want to confirm this trust, click Yes, confirm the incoming trust, and then supply the appropriate administrative credentials from the specified domain.

13. On the Completing the New Trust Wizard page, click Finish.


http://technet.microsoft.com/en-us/library/cc794827(WS.10).aspx
Create a One-Way, Outgoing, Forest Trust for One Side of the Trust
Updated: August 8, 2008

You can use this procedure to create one side of a one-way, outgoing, forest trust. Although one side of a trust will be created successfully, the new trust will not function until the administrator for the reciprocal forest uses his or her credentials to create the incoming side of the trust. If you have administrative credentials for both forests that are involved in the trust, you can use the procedure Create a One-Way, Outgoing, Forest Trust for Both Sides of the Trust to create both sides of the trust in one simultaneous operation.

A one-way, outgoing, forest trust allows resources in your Windows Server 2008 forest or Windows Server 2003 forest (the forest that you are logged on to at the time that you run the New Trust Wizard) to be accessed by users in another Windows Server 2008 forest or Windows Server 2003 forest. For example, if you are the administrator of the wingtiptoys.com forest and resources in that forest need to be accessed by users in the tailspintoys.com forest, you can use this procedure to establish one side of the relationship so that users in the tailspintoys.com forest can access resources in any of the domains that make up the wingtiptoys.com forest.

You can create this forest trust by using the New Trust Wizard in the Active Directory Domains and Trusts snap-in or by using the Netdom command-line tool. For more information about using the Netdom command-line tool to create a forest trust, see Netdom Overview (http://go.microsoft.com/fwlink/?LinkId=111537).

Membership in Domain Admins in the forest root domain or Enterprise Admins in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477. If you are a member of the Incoming Forest Trust Builders group, you can create one-way, incoming, forest trusts to your forest. For more information about the Incoming Forest Trust Builders group, see How Domain and Forest Trusts Work (http://go.microsoft.com/fwlink/?LinkID=111481).

To create a one-way, outgoing, forest trust for one side of the trust
1. Open Active Directory Domains and Trusts.

2. In the console tree, right-click the domain node for the forest root domain for which you want to establish an outgoing forest trust, and then click Properties.

3. On the Trusts tab, click New Trust, and then click Next.

4. On the Trust Name page, type the Domain Name System (DNS) name of the forest root domain of the other forest, and then click Next.

5. On the Trust Type page, click Forest trust, and then click Next.

6. On the Direction of Trust page, click One-way: outgoing, and then click Next.

   For more information about the selections that are available on the Direction of Trust page, see "Direction of Trust" in Appendix: New Trust Wizard Pages.

7. On the Sides of Trust page, click This domain only, and then click Next.

   For more information about the selections that are available on the Sides of Trust page, see "Sides of Trust" in Appendix: New Trust Wizard Pages.

8. On the Outgoing Trust Authentication Level page, do one of the following, and then click Next:

   Click Forest-wide authentication.

   Click Selective authentication.

9. On the Trust Password page, type the trust password twice, and then click Next.

10. On the Trust Selections Complete page, review the results, and then click Next.

11. On the Trust Creation Complete page, review the results, and then click Next.

12. On the Confirm Outgoing Trust page, do one of the following:

   If you do not want to confirm this trust, click No, do not confirm the outgoing trust. Note that if you do not confirm the trust at this stage, the secure channel will not be established until the first time the trust is used by users.

   If you want to confirm this trust, click Yes, confirm the outgoing trust, and then supply the appropriate administrative credentials from the specified domain.

13. On the Completing the New Trust Wizard page, click Finish.
0
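
A direction and secure-channel check for the scenario in the question, added here as an example and not part of the original posts or of the Microsoft documentation quoted above. By the definition quoted in the answer, an outgoing trust lets resources in your forest be accessed by users in the other forest, so the side that hosts the resources (the Server 2008 R2 domain) must hold the outgoing side and the account domain (az.local) the incoming side. Assumptions: `corp2008.example` is a placeholder for the new domain's DNS name, and the `Direct Outbound` label is matched against English-language `nltest` output.

```powershell
# Added example: run on a domain controller in the resource (Server 2008 R2) domain.
$ResourceDomain = 'corp2008.example'  # placeholder: trusting domain that hosts the resources
$AccountDomain  = 'az.local'          # trusted domain whose users need to log on

# 1. Find the account domain in the list of trusts known to this domain controller.
$entry = nltest /domain_trusts | Where-Object { $_ -match [regex]::Escape($AccountDomain) }
if (-not $entry) {
    Write-Warning "No trust with $AccountDomain exists on this side yet."
    return
}
$entry   # show the raw nltest line(s) for the record

# 2. Seen from the resource domain, the trust must be outgoing. If only an
#    inbound flag is present, the trust was built in the opposite direction:
#    users here could reach resources in $AccountDomain, not the other way round.
if (-not ($entry -match 'Direct Outbound')) {
    Write-Warning "$ResourceDomain has no outgoing trust to $AccountDomain; logons with $AccountDomain accounts will be refused here."
}

# 3. Verify the trust object and its password. The first argument is the
#    trusting domain, /domain: names the trusted domain. Add /UserD: and
#    /PasswordD:* if the current account has no rights in the account domain.
netdom trust $ResourceDomain "/domain:$AccountDomain" /verify
if ($LASTEXITCODE -ne 0) {
    Write-Warning "netdom could not verify the trust (exit code $LASTEXITCODE)."
}

# 4. Confirm that a secure channel to a domain controller of the account
#    domain can actually be established from this server.
nltest "/sc_verify:$AccountDomain"
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Secure channel to $AccountDomain failed (exit code $LASTEXITCODE)."
}
```
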
 
AZ_SysAd (Author) Commented:
Tripyre,

Let me try this and I will get back to you...also, I will consider providing more points.

 
 
AZ_SysAd (Author) Commented:
Tripyre,

Thank you for this information, it has proven useful. Thanks again. Extra 25 for the wait...