Creating a trust between two different forests

Hi all, I'm trying to create a one-way forest trust between two forests on different subnets. But they can't seem to find one another (when trying to add through Active Directory Domains and Trusts). What would I be missing?

Setup is: they each have an interface on a Firebox firewall. I have the connections set up as Any Trusted to that other interface name (basically production network to a SharePoint test network).

Also, production is a 2003 domain level and test is set as 2008 R2 level… is that OK for them to at least see each other?


Sikhumbuzo Ntsada (IT Administration) Commented:
Do you have a working connection between the two forests? If yes, here are the steps.
liminal (Author) Commented:
Thanks for that.

No, they can't see each other from within Active Directory Domains and Trusts. The two DCs can ping each other... but trying to add a new trust... finds nothing.
Configure forwarding on each DNS server to point to the other domain. You need to resolve server names for the other domain to create a trust relationship.

liminal (Author) Commented:
Resolve the server or the domain... ie or
Leon Fester (Senior Solutions Architect) Commented:
DNS needs to be able to resolve the names of the other domain.
Set up forwarders as suggested below:

Once this is done, follow the document mentioned in the earlier post.
If it still fails then check your firewall configuration:

Your DCs need to be able to locate the server holding the PDC Emulator role in order to get the trust set up.
liminal (Author) Commented:
Yeah, I've done all that and nothing. Does the function level have anything to do with it?
Leon Fester (Senior Solutions Architect) Commented:
Remember that you get a domain and a forest functional level.
It's the forest functional level that is important when setting up a forest trust.
This should be at least Windows 2003.

To check this, open "Active Directory Domains and Trusts".
Right-click any of your 2003 domains and then click Properties.

You should see the Domain and Forest Functional levels displayed towards the bottom of that next screen.

P.S. What errors are you getting to indicate that the trust is not working?
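
The three checks discussed in this thread (DNS resolution of the other forest, firewall reachability, forest functional level) can be scripted as a pre-flight test; the following is an added example, not part of any post above. It assumes a host with the ActiveDirectory module plus `Resolve-DnsName` and `Test-NetConnection` that uses the local forest's DNS servers; `$RemoteForest` is a placeholder and the port list is a commonly cited set, not taken from the thread.

```powershell
# Added example: run once in EACH forest before opening the New Trust wizard.
param(
    [Parameter(Mandatory)]
    [string]$RemoteForest      # placeholder: root DNS name of the OTHER forest
)
Import-Module ActiveDirectory

# 1. DNS: the local side must be able to locate the remote PDC emulator.
#    This SRV record only resolves if forwarding for the other forest works.
$srvName = "_ldap._tcp.pdc._msdcs.$RemoteForest"
$srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'SRV' })
if ($srv.Count -eq 0) {
    Write-Warning "Cannot resolve $srvName. Check the DNS forwarder for $RemoteForest."
}

# 2. Firewall: probe TCP ports on every PDC emulator that DNS returned.
#    Assumed port list: DNS, Kerberos, RPC endpoint mapper, LDAP, SMB.
#    Dynamic RPC ports are also required and are not probed here.
$ports = 53, 88, 135, 389, 445
foreach ($record in $srv) {
    foreach ($port in $ports) {
        $probe = Test-NetConnection -ComputerName $record.NameTarget -Port $port `
                                    -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target = $record.NameTarget
            Port   = $port
            Open   = $probe.TcpTestSucceeded
        }
    }
}

# 3. Functional level: a forest trust needs the FOREST level (not the domain
#    level) to be at least Windows 2003 on both sides.
$forest = Get-ADForest
$mode   = "$($forest.ForestMode)"
if ($mode -in 'Windows2000Forest', 'Windows2003InterimForest') {
    Write-Warning "$($forest.Name) is at $mode; a forest trust needs Windows2003Forest or higher."
} else {
    "{0}: forest functional level {1}" -f $forest.Name, $mode
}
```

A ping that succeeds while step 1 fails matches the symptom described earlier in the thread: IP connectivity exists, but the other forest's names do not resolve.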

liminal (Author) Commented:
Thanks for your help there... I was not doing the DNS setup correctly, and when I did, it basically told me that the functional level would not allow it to work. One forest is 2008 R2 and one is 2003.

All good, not that important; it just would have made our lives easy if we could have set this up.