?
Solved

Creating a Two AD Domain Trust

Posted on 2014-10-21
7
Medium Priority
?
236 Views
Last Modified: 2014-11-04
Hi Experts,

I am in the process of creating a project plan to create a two AD Trust between two domains.

One domain is running AD 2003 Functional/Forest levels and the other is running Windows 2008 R2 Functional/Forest levels.

Can you recommended the best practice/procedure to accomplish this project?

Should I use a stub DNS Zone vs a Conditional Forwarder etc.

Thanks
0
Comment
Question by:Teavana
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40394604
It is depend on need, if you need this trust to be keep for a long running cause, I will recommend using stub zone since that keep updated with any NS changes cross forest.

if this is short term trust such as part of migration best suit is Conditional forwarder

You may see other best practices on below KB
http://technet.microsoft.com/en-us/library/cc778033(v=ws.10).aspx
0
 
LVL 1

Author Comment

by:Teavana
ID: 40394701
Thank you for your response, I will check the suggested link and report back.
0
 
LVL 1

Author Comment

by:Teavana
ID: 40402601
VipinV,

I was able to successfully created the two way trust between the domains.  I have a security group in domain A that I need to add some users from domain B.

The security group that is in domain A is a Global group. When I tried to add users from domain B to domain A, I do not see the option to change to domain B location.

Any thoughts  on what I am missing ?   Thanks
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 40403245
Hope you need to add users from Domain A to provide permission on Domain B. I recommend change the Group scope to Domain Local.
0
 
LVL 1

Author Comment

by:Teavana
ID: 40406362
I do not follow ??
0
 
LVL 6

Accepted Solution

by:
Vipin Vasudevan earned 2000 total points
ID: 40406552
You have mentioned "The security group that is in domain A is a Global group", you may change group type to Universal then to Domain Local group, since you may not able to convert this directly in to Domain Local group
0
 
LVL 1

Author Closing Comment

by:Teavana
ID: 40422166
Got it. this worked for me. I appreciate your help.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question