We recently acquired another company with its own domain and on-prem Exchange environment. The current project in front of me is to migrate their ERP database into ours and stand up a new terminal server for them to access the ERP once the migration is complete. We now have a VPLS connection established between the two networks and we can pass traffic just fine, but the domains are not yet talking to each other.
Long term I'd like to join them into our domain directly and decommission the one they are currently using (and likely move both on-prem Exchanges to the cloud). With Exchange operating where it is and the aggressive timeline on the ERP project to consider, I'd like to minimize the amount of change happening all at once to lower the risks to the project's success.
What I would like to do now is to get the domains talking to each other so that authentication can happen across them. When the users at the other domain log into the new terminal server on our domain, I don't want them to have another account to log in with. Additionally, we need DNS to be talking to each other so RemoteApps will work properly, because I can't stick a CNAME or static A record into their DNS for our domain.
From the research I have done this seems possible through a forest trust and adding a new secondary zone on the DNS for each side. Their secondary zone would be our domain and our secondary zone would be their domain. I have never done either of these things in the past so I want to know if this is correct and if there are any issues with doing this that I should be aware of before I risk both domains.
I was reviewing this article and it seems pretty straightforward (although it's 11 years old).
So, is this the right approach or should I be looking at this differently?
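The DNS and forest-trust setup described in the question, as an added PowerShell example that is not part of the original post. The domain names and IP address are placeholders, the secondary-zone step assumes their DNS server permits zone transfers to ours, and the mirror-image zone on their side is assumed to be done first.

```powershell
# Added example (not from the original post). Run elevated on one of our domain
# controllers that also runs DNS. Assumed placeholders:
#   ours.example   = our AD forest root domain
#   theirs.example = the acquired company's forest root domain
#   10.20.0.10     = one of their DNS servers reachable over the VPLS link
$ourDomain   = 'ours.example'
$theirDomain = 'theirs.example'
$theirDns    = '10.20.0.10'

# Option A (what the question describes): a secondary copy of their zone.
# Their primary zone must allow zone transfers to this server's IP.
Add-DnsServerSecondaryZone -Name $theirDomain -ZoneFile "$theirDomain.dns" -MasterServers $theirDns

# Option B (same name-resolution result, no zone transfer needed): a conditional
# forwarder stored in AD so every DC in our forest picks it up automatically.
# Add-DnsServerConditionalForwarderZone -Name $theirDomain -MasterServers $theirDns -ReplicationScope 'Forest'

# The trust cannot be created until each side resolves the other's DC locator records.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$theirDomain" -Type SRV -ErrorAction Stop

# Create a two-way forest trust through the .NET AD API (both forests need
# forest functional level Windows Server 2003 or later).
$cred = Get-Credential -Message "Enterprise Admin in $theirDomain"
$ctx  = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
            'Forest', $theirDomain, $cred.UserName, $cred.GetNetworkCredential().Password)
$theirForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
$ourForest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$ourForest.CreateTrustRelationship($theirForest,
    [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional)

# Least privilege: with selective authentication their users can only log on to
# computers (e.g. the new terminal server) explicitly granted "Allowed to Authenticate".
$ourForest.SetSelectiveAuthenticationStatus($theirDomain, $true)

# Verify the trust from both the API and the directory object.
$ourForest.VerifyTrustRelationship($theirForest,
    [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional)
Get-ADTrust -Filter "Name -eq '$theirDomain'" |
    Format-List Name, Direction, ForestTransitive, SelectiveAuthentication
nltest /domain_trusts
```

If selective authentication is enabled, remember to grant "Allowed to Authenticate" on the terminal server's computer object to their users before they try to log in.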