
CREATING A TRUST RELATIONSHIP BETWEEN TWO WINDOWS DOMAINS (2003 Server)

Take two domains as an example, Domain X and Domain Y.
You can create a two-way trust with domain-wide authentication between the two domains if they belong to the same organisation, depending on the information that you want to share or use between the two domains. You do this on an established domain controller for each domain.

  • STEPS
  • On the server that is the domain controller for Domain X, log on as an administrator, then go to Start > Administrative Tools > Active Directory Domains and Trusts. Right-click Domain X and go to Properties. Click the "Trusts" tab, then New Trust. Click [Next].
  • In the Name field, type the second domain to trust, which is Domain Y in this case, then click [Next] to continue.
  • Select the Direction of the Trust, either two-way or one-way; in this case it is two-way. Click [Next].
  • In "Sides of the Trust", select the "This domain only" bullet, then click [Next].
  • Set the Authentication level to "Domain-wide Authentication", then click [Next].
  • You will be prompted to enter a Trust Password twice. Remember to make it strong enough to comply with the password criteria in your domain security policy.
  • Click [Next] - [Next] - [Next].
  • Select the "No" bullet for the Outgoing Trust Confirmation - [Next].
  • Select the "No" bullet for the Incoming Trust Confirmation - [Next].
  • Click [Finish] - [OK].
  • Log off of Domain X.
  • ON THE SECOND DOMAIN (DOMAIN Y), PERFORM THE STEPS BELOW

  • Log in to Domain Y using an Administrator account.
  • Go to Start > Administrative Tools > Active Directory Domains and Trusts.
  • Right-click Domain Y and select Properties. Click the "Trusts" tab. Click [New Trust...], then [Next].
  • In the Name field, type Domain X to indicate the domain to trust, then click [Next].
  • Select the Direction of the Trust; in this case it is a two-way trust. Click [Next].
  • In "Sides of the Trust", select the "This domain only" bullet, then click [Next].
  • Set the Authentication level to "Domain-wide Authentication", then click [Next].
  • You will be prompted to enter a Trust Password twice. Use the same Trust Password that you used in the steps above, then click [Next] - [Next] - [Next].
  • Select the "Yes" bullet for the Outgoing Trust Confirmation - [Next].
  • Select the "Yes" bullet for the Incoming Trust Confirmation - [Next].
  • To finish, click [Finish] - [OK].
  • Log off of Domain Y.
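
The following PowerShell function is an added example, not part of the original tip. It lists each trust of the current domain with its direction, whether selective authentication and SID filtering are enabled, and whether the trust verifies against the partner domain. It assumes PowerShell 2.0 or later on a domain-joined machine in a domain administrator session; `Get-TrustAudit` is a name chosen for this example.

```powershell
# Added example: audit the trusts of the current domain after running the wizard.
# Assumptions: PowerShell 2.0+, domain-joined host, domain administrator session.
Add-Type -AssemblyName System.DirectoryServices

function Get-TrustAudit {
    $local = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

    foreach ($t in $local.GetAllTrustRelationships()) {
        $selective = $null; $sidFilter = $null; $verified = $false; $detail = ''

        try {
            # False means domain-wide authentication, the level chosen in the wizard.
            $selective = $local.GetSelectiveAuthenticationStatus($t.TargetName)
            # True means SIDs from outside the trusted domain are filtered out.
            $sidFilter = $local.GetSidFilteringStatus($t.TargetName)
        } catch {
            $detail = $_.Exception.Message
        }

        try {
            $ctxType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
            $ctx     = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($ctxType, $t.TargetName)
            $remote  = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx)
            # Throws if the other side is missing or the trust passwords differ,
            # which is why confirmation only succeeds once both sides exist.
            $local.VerifyTrustRelationship($remote, $t.TrustDirection)
            $verified = $true
        } catch {
            $detail = $_.Exception.Message
        }

        New-Object PSObject -Property @{
            Source        = $t.SourceName
            Target        = $t.TargetName
            Type          = $t.TrustType
            Direction     = $t.TrustDirection
            SelectiveAuth = $selective
            SidFiltering  = $sidFilter
            Verified      = $verified
            Detail        = $detail
        }
    }
}

Get-TrustAudit |
    Format-Table Source, Target, Direction, SelectiveAuth, SidFiltering, Verified -AutoSize
```

A two-way trust created as above should report `Bidirectional` with `SelectiveAuth` set to `False`; a row with `Verified` set to `False` carries the failure reason in `Detail`.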


Related Questions:

3 Answers

2 domains with a one-way trust relationship. Users on the 2nd domain have to re-login in order to use resources on the 1st domain. Is there a timeout on the trust? What is causing this?


It sounds like you might be dealing with 2 issues here.

When you set up a one-way trust, they are non-transitive. What this means is one of the domains (say A) is the Trusting domain and the other (B) is the Trusted domain. If you are familiar with the graphic presentations of trust relationships, think of 2 circles, one labeled A and the other B. There would be an arrow pointing towards domain B from domain A. Users in B can use resources in A. Users in A cannot access resources in B. Global groups from B can be used in A, but not vice versa. Domain B will appear in the login box on the A computers, but Domain A will not appear in the Domain B login screen. Users and groups in a trusting domain cannot be assigned permissions, rights, or access to a trusted domain. If you want all users to be able to use resources in all domains, then you would have to set up 2-way Trust Relationships.

The issue that you are having with users having to re-login may be tied to a domain server not copying down login information to all other servers on the network. Make sure that all of your primary domain servers are set up to speak to all of your other primary and secondary domain servers.

Mar 01, 2010 | Computers & Internet

2 Answers

Logon issue in a domain trust - Win 2003


Are you logging in through terminal services? If so you need to give the user "allow logon through terminal services" permission in group policy.

Otherwise you need to give the user "allow logon locally" permission on the domain controller.

Mar 20, 2009 | Microsoft Windows Server Standard 2003 for...

2 Answers

Is PDC required to create trust between 2 AD 2003 forests.


1. Open Active Directory Domains And Trusts from Administrative Tools.
2. In the console tree pane, select and right-click the domain node for the forest root for which you want to create a trust.
3. Select Properties.
4. Select the Trusts tab in the Properties dialog box.
5. Click New Trust and click Next (skip the Welcome screen).
6. On the Trust Name page, enter the DNS name of the target domain for your trust (for our example, it is Cogswellcogs.com) and click Next.
7. Select Forest Trust on the Trust Type page and click Next. (If the Forest Trust option is missing, you may have omitted one of the prerequisites. In that case, double-check the DNS Forwarders tab and the forest functional level of all the domains in both forests.)
8. Choose a direction for the trust relationship: Two-Way, One-Way Incoming, or One-Way Outgoing.
  • Two-Way: All users in both forests will be able to access all resources in both forests.
  • One-Way Incoming: All users in this forest will be able to access all resources in the other forest but not vice versa.
  • One-Way Outgoing: All users in the target forest will be able to access all resources in this forest but not vice versa.
After you’ve chosen, click Next.
9. Resource access is still governed by permissions in the domain where the resource exists. The trust direction provides access to all resources where permissions allow access. Select the sides of the trust relationship: This Domain Only or Both This Domain And The Target Domain.
  • This Domain Only: Creates the trust relationship in this domain only; an administrator on the other end will have to complete the other trust.
  • Both This Domain And The Target Domain: Requires sufficient access in the remote domain and will allow you to complete the trust setup.
10. Select the appropriate path, depending on the choices you made in the previous two steps.
  • If you chose Two-Way or One-Way Outgoing in step 8 and This Domain Only in step 9, you will need to select a trust authentication level. Domain-Wide Authentication will authenticate all users in the remote forest for all resources in the local forest. Choosing Selective Authentication will allow you to specify which users in the remote domain have access to local resources. Click Next. Enter a password for the trust and click Next.
  • If you chose One-Way Incoming in step 8 and This Domain Only in step 9, enter the password for the trust in the Trust Password and Confirm Password boxes. Click Next.
  • If you selected both domains (this domain and the selected domain) in step 9, a username and password box will appear to allow you to enter the username and password of an administrator account in the target forest. Click Next.
11. On the next screen, verify all of your selections. When you click Next, the wizard creates the trust. Verify the settings of the new trust.
12. Confirm the outgoing trust. Select Yes if you created both sides of the trust; select No if you did not.
13. Click Finish in the Creating The Trust wizard.
The new trust will appear on the Trusts tab in the Properties dialog box for the domain.

For more information:
http://support.microsoft.com/?id=816301

http://technet2.microsoft.com/windowsserver/en/library/69cacd89-d5dc-4559-9de7-f5e279e603721033.mspx?mfr=true

Nov 16, 2007 | Microsoft Windows Server Standard 2003 for...
