understanding domian trusts

Posted on 2012-09-02
Last Modified: 2012-09-03
i need to setup a new domain called domain c
domain c will consist of 100 users
but i have some users who belong to domain A who will need to access domain c for file server data etc and some users from domain  B who will need to access domain c
only some users from domain A & B may access domain c and the main users who are only on domain C may not access anything from Domain A or B
How can i achieve this?
Question by:dougdog
    LVL 22

    Expert Comment

    Either setup trusts and group permissions between the domains or add the users with the the same username and password using existing group permissions.  I prefer using trusts between the domains because they are easier to modify or remove.

    Author Comment

    what type of trusts should i use

    Author Comment

    can i be sure the users that should only see domain c will not see domain a or b
    also the users that are alreadyt joined to domain a & b can they remain this way or do i need to disjoin them and join them to domain c
    LVL 22

    Expert Comment

    Yes.  If the trust is one way exists only with c.   No need to change existing configuration, you are only adding information.
    LVL 18

    Assisted Solution

    by:Sushil Sonawane
    Create the external trust with domain C and make direction one-way (A domain user can able to access domin C and same B domain also)


    A === C (External Trust Nontransitive One-way)
    B === C (External Trust Nontransitive One-way)
    A====B (External Trust Transitive Two-way) OR (Forest trust Transitive Two-way)

    Please refer below article:

    1) Trust types


    2) Trust transitivity

    3 ) Creating External Trusts

    4) Creating Forest Trusts
    LVL 22

    Expert Comment

    LVL 39

    Accepted Solution

    Hm, if you have Windows Server 2003 or above, I would use standard trust instead of external.

    And follow this way:

    1) Create conditional forwarding for DNS name resolution in each domain
    2) In domain A create one-way outgoing trust to domain C (domain wide authentication or Selectivew authentication)
    3) In domain B create one-way outgoing trust to domain C (domain wide authentication or Selectivew authentication)
    4) in domain C create one-way incoming trust for domain A and domain B (domain wide authentication or Selectivew authentication)

    to be able to do that you need Enterprise Administrator account in each forest

    should work fine


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    OfficeMate Freezes on login or does not load after login credentials are input.
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now