domain trusts

SR Zak
SR Zak used Ask the Experts™
Hi all,

I like some expert advice my company domain and another company has established trust relationship and some of my company users would like to take their laptops to the other company and login from there. No they need access back to my company and also they would like access to the other company network applications and so on. Does the other company need to create user accounts on their active directory so my users can access their shares, licenses and applications?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Brian PiercePhotographer
Awarded 2007
Top Expert 2008

No - the whole idea of a trust, is that their domain trusts your domain, so if the users have a valid account and can log onto your domain, their domain will trust them and give them access to resources (for which they have been granted the necessary permissions of course)
Brian PiercePhotographer
Awarded 2007
Top Expert 2008

systechSenior Technical Lead

Few things to check before establishing trust,1. I understand that you have 2008 server and is the same available on other domain? if so, you can raise the domain functional level to 2008 and forest functional to 2003 or same.
You can establish a oneway trust if they dont want access your domain. You should validate the trust with a valid admin credentials.

Hope this helps you.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Step by step guide to create Domain Trust between company A and Company B

Say users from Company A want access inot Company B.

Step1: Create a one way trust relation betwen Company A and Company B
Step2: To provide access to DFS share or application in company B.... add AD group or AD users of Company A into Company B's DFS and Apps.

Thats all you have to do.
Leon FesterSenior Solutions Architect

Most trusts are typically configured as two-way transitive trusts.
If that is the case then they users should be able to logon to their own domains, just by plugging their laptops onto the network of the other company.

Even their existing machines can be used to logon to your domain.
On Windows XP, click the "Options" button on the logon screen and select your AD Domain.
Login with your normal user credentials.

On Windows 7, there is no "Options" button so you enter your username as"

If you need to assign permissions to users from another domain, then add them to a security group of type "Domain Local".

You won't see the users from the other domain in any other universal or local groups
SR ZakNetwork Solutions


Good reply

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial