Creating a trust between two dif fores

Hi all, I’m trying to create a one way forest trust between two forests on dif subnets. But they can’t seem to find one another (when trying to add though Active Directory Domains and Trusts). What would I be missing?

Set up is; they each have an interface on a firebox firewall. I have the connections set up as, Any Trusted to that other interface name (basically production network to a SharePoint test network)

Also production is a 2003 domain level and test is set as 2008 R2 level… is that ok for them to least see each other?

Who is Participating?
Leon FesterSenior Solutions ArchitectCommented:
Remember that you get a domain and a forest functional level.
It's the forest functional level that is important when setting up a forest trust.
This should be at least Windows 2003

To check this, Open "Active Directory Domains and Trusts"
Right-Click any of your 2003 domains and then click properties.

You should see the Domain and Forest Functional levels displayed towards the bottom of that next screen.

P.S. What errors are you getting to indicate that the trust is not working?
Sikhumbuzo NtsadaSenior IT TechnicianCommented:
Do you have a working connection between the two forests? If yes here are the steps.
liminalAuthor Commented:
Thanks for that.

No they cant see each other from within Active Directory Domains and Trusts. The two DCs can ping each other... but trying to add a new trust... finds nothing.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Configure forwarding on each DNS server to point the other domain. You need to resolve server names for the other domain to create a trust relationship
liminalAuthor Commented:
Resolve the server or the domain... ie or
Leon FesterSenior Solutions ArchitectCommented:
DNS needs to be able to resolve the names of the other domain.
Setup forwarders as suggested below:

Once this is done, follow the document mentioned in the earlier post.
If it still fails then check your firewall configuration:

Your DC's need to be able to locate the server holding the PDC Emulator Role in order to get the trust setup.
liminalAuthor Commented:
Yeah ive done all that and nothing. does the function level have anything to do with it?
liminalAuthor Commented:
Thanks for your help there... I was not doing the DNS setup correctly and when i did, it basically told me the that functional would not allow it to work. One forest is 2008 R2 and one is 2003

All good not that important just would have made our lives easy if we could have set this up
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.