Cross domain authentication / dns after acquiring a new company

Lean IT
We recently acquired another company with its own domain and on-prem Exchange environment. The current project in front of me is to migrate their ERP database into ours and stand up a new terminal server for them to access the ERP once the migration is complete. We now have a VPLS connection established between the two networks and we can pass traffic just fine, but the domains are not yet talking to each other.

Long term I'd like to join them into our domain directly and decommission the one they are currently using (and likely move both on-prem Exchanges to the cloud). With Exchange operating where it is and the aggressive timeline on the ERP project to consider, I'd like to minimize the number of changes happening all at once to lower the risks to the project's success.

What I would like to do now is to get the domains talking to each other so that authentication can happen across them. When the users at the other domain log into the new terminal server on our domain, I don't want them to have another account to log in with. Additionally, we need DNS to be talking to each other so remote apps will work properly, because I can't stick a CNAME or static A record into their DNS for our domain.

From the research I have done this seems possible through a forest trust and adding a new secondary zone on the DNS for each side. Their secondary zone would be our domain and our secondary zone would be their domain. I have never done either of these things in the past, so I want to know if this is correct and if there are any issues with doing this that I should be aware of before I risk both domains.

I was reviewing this article and it seems pretty straightforward (although it's 11 years old).

So, is this the right approach or should I be looking at this differently?
Co-Founder and Chief Architect
Top Expert 2016
It is pretty straightforward, to get a trust set up all you really need to do is:

- Ensure firewall allows communication for required AD, DNS traffic.
- Create a conditional forwarder in each domain to point to a domain controller in the other domain.
- Configure the trust (whichever direction it needs to go)

Putting users from Domain A into groups in Domain B can be a bit trickier, as the group needs the appropriate scope, but you can add groups from Domain A in Domain B to resources directly.
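The three steps in the answer above, as one PowerShell run from our side (an added example, not code from the original thread or from either poster). Domain names, DC addresses, the terminal server name, the OU path and the group names are placeholders and are assumptions; substitute your own. It is meant to be run as a Domain Admin (Enterprise Admin for the trust) on a DC or an RSAT-equipped admin host in our forest, and the remote admin runs the mirror-image conditional forwarder on their side.

```powershell
# Added example: connectivity check, conditional forwarder, forest trust, resource group.
# All names and addresses below are placeholders (assumptions), not from the original post.
$LocalDomain  = 'corp.example'                    # our forest (assumption)
$RemoteDomain = 'acquired.example'                # acquired company's forest (assumption)
$RemoteDcs    = @('10.20.0.10', '10.20.0.11')     # their DCs, reachable over the VPLS (assumption)
$RemoteCred   = Get-Credential -Message "Domain Admin account in $RemoteDomain"

# 1. Firewall: Kerberos (88), LDAP (389/636, GC 3268), SMB (445), RPC endpoint
#    mapper (135) and DNS (53) must reach their DCs. Report anything blocked.
$Ports = 53, 88, 135, 389, 445, 636, 3268
foreach ($dc in $RemoteDcs) {
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue
        if (-not $r.TcpTestSucceeded) { Write-Warning "$dc : TCP $p blocked" }
    }
}
# The RPC dynamic range (49152-65535 on Server 2008 and later) is also needed
# for trust creation and group lookups; a fixed-port probe cannot prove it is open.

# 2. DNS: a conditional forwarder for THEIR zone on OUR DNS. Stored in AD with
#    forest replication scope, so every DNS-integrated DC here picks it up
#    without zone transfers. Their admin adds the mirror forwarder for $LocalDomain.
Add-DnsServerConditionalForwarderZone -Name $RemoteDomain `
    -MasterServers $RemoteDcs -ReplicationScope 'Forest'

# The trust wizard locates their DCs through this SRV record; it must resolve first.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteDomain" -Type SRV |
    Format-Table Name, NameTarget, Port

# 3. Trust: two-way forest trust created from our forest using the .NET AD API.
$RemoteCtx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
    'Forest', $RemoteDomain, $RemoteCred.UserName, $RemoteCred.GetNetworkCredential().Password)
$RemoteForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($RemoteCtx)
$LocalForest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$LocalForest.CreateTrustRelationship($RemoteForest, 'Bidirectional')

# Forest-wide authentication is the default. If only the terminal server should
# accept their users, enable selective authentication and grant "Allowed to
# Authenticate" on that computer object instead of trusting the whole forest:
# $LocalForest.SetSelectiveAuthenticationStatus($RemoteForest, $true)

Get-ADTrust -Filter "Name -eq '$RemoteDomain'" |
    Format-List Name, Direction, ForestTransitive, SelectiveAuthentication

# 4. Access: a Domain Local group in our domain can hold a Global group from the
#    other forest, which is the scope issue the answer mentions.
$RemoteErpUsers = Get-ADGroup -Identity 'ERP Users' -Server $RemoteDomain -Credential $RemoteCred  # their global group (assumption)
New-ADGroup -Name 'TS-ERP-Access' -GroupScope DomainLocal -Path 'OU=Groups,DC=corp,DC=example'    # OU path (assumption)
Add-ADGroupMember -Identity 'TS-ERP-Access' -Members $RemoteErpUsers

# Grant RDP on the new terminal server (name is an assumption) through that group.
Invoke-Command -ComputerName 'ts-erp01' -ScriptBlock {
    Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'CORP\TS-ERP-Access'
}
```

Run the connectivity and DNS steps first and fix what they report before creating the trust; the trust creation fails with an unhelpful RPC error if the SRV lookup or the dynamic RPC ports are blocked. The selective-authentication line is commented out because it changes the default from "everyone in the trusted forest can authenticate here" to "only where explicitly allowed", which is the safer setting when the only resource they need is one terminal server.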
