how is the trust relationship between two forest works?

Sunny

We have a sister company. They have their own forest and
domain controllers. We have ours. We want to be able to
set up a link between these two domains in which each domain
trusts user accounts in the other domain to use its
resources.

Is there any documentation I can look up to be able to
accomplish this and if it can be done, is it safe or
recommended?
 
David Brandt [MSFT]

You can use the following to set this up, and if you want it to be a two-way
trust, then do the same steps in the other direction as well:
315053 HOW TO: Configure One-Way Non-Transitive Trusts in Windows 2000
http://support.microsoft.com/?id=315053

Once the trust is set up, you should be able to see accounts in the other
domain available to add to resources, and also available as another logon
domain when you log on. The trust basically just opens the door, but doesn't
grant anybody anything, so you will need to go to serverA in domain A and
grant domainB users access to whatever resources you want.
It is fairly common for the domain admins of one domain to be added to the
Local administrators group of the other domain, which will give admins from
either domain the ability to add users, etc.
The trust also needs to be set up between the PDC emulators of each
respective domain and they need to be able to resolve each other both ways,
so be sure name resolution is working OK either via DNS, LMHOSTS files, etc.
180094 How to Write an LMHOSTS File for Domain Validation and Other Name
http://support.microsoft.com/?id=180094

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Guest

Well, I was able to set up two non-transitive trusts between forests and verified the trust is working. Now, my question is why I cannot see the domain controller from the other forest when I am logged into my own forest? I thought I should be able to do so. I created the LMHOSTS file as per the Q article you mentioned in your reply before and checked the WINS record for the 1B record on both domain controllers in both forests. The WINS servers in both forests are set up as push/pull partners. I also created a secondary DNS zone on both servers with to create an entry on DNS. What else do I need to check?
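
Added example (not part of the original thread or of the KB article): a Python helper that builds and checks the LMHOSTS domain-validation entries that David's reply and the 1B-record check above refer to. It assumes the layout from KB 180094: a `#PRE #DOM:` line for the PDC, plus a quoted name padded to 15 characters and followed by `\0x1b`. Host names and addresses are constructed placeholders.

```python
import re

TYPE_1B = r"\0x1b"  # 5 literal characters: NetBIOS type 1B, registered by the PDC
ENTRY = re.compile(r'^\s*(\S+)\s+("[^"]*"|\S+)\s*(.*)$')

def make_entries(ip, pdc_name, domain):
    """Return the two LMHOSTS lines for one remote domain's PDC emulator."""
    if not 0 < len(domain) <= 15:
        raise ValueError("NetBIOS domain names are 1-15 characters")
    dom = domain.upper()  # assumption: written upper-case, as NetBIOS names are
    return ["%s  %s  #PRE #DOM:%s" % (ip, pdc_name, dom),
            '%s  "%s%s"  #PRE' % (ip, dom.ljust(15), TYPE_1B)]

def check_lmhosts(text):
    """Return a list of problems found in the domain-validation entries."""
    problems, dom_tagged, has_1b = [], set(), set()
    for no, raw in enumerate(text.splitlines(), 1):
        m = ENTRY.match(raw)
        if raw.lstrip().startswith("#") or not m:
            continue  # comment, directive, or blank line
        name, tags = m.group(2), m.group(3).upper().split()
        special = False
        if name.startswith('"') and name.lower().endswith(TYPE_1B + '"'):
            special = True
            inner = name[1:-1]
            if len(inner) != 20:  # 15 padded name characters + 5 for \0x1b
                problems.append("line %d: %d characters inside quotes, need 20"
                                % (no, len(inner)))
            has_1b.add(inner[:-5].rstrip().upper())
        for tag in tags:
            if tag.startswith("#DOM:"):
                special = True
                dom_tagged.add(tag[5:])
        if special and "#PRE" not in tags:
            problems.append("line %d: missing #PRE" % no)
    for dom in sorted(dom_tagged - has_1b):
        problems.append("domain %s: #DOM entry but no 1B entry" % dom)
    return problems

# Constructed samples: DC-B1, DOMAINB and 192.0.2.10 are placeholders.
GOOD = "\n".join(make_entries("192.0.2.10", "DC-B1", "domainb"))
BAD = '192.0.2.10  DC-B1  #DOM:DOMAINB\n192.0.2.10  "DOMAINB \\0x1b"  #PRE'

if __name__ == "__main__":
    print(GOOD)
    for problem in check_lmhosts(BAD):
        print(problem)
```

Each forest's PDC emulator would carry the pair of lines for the other forest's domain, since the trust needs resolution in both directions.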
 
Guest

I guess I spoke too soon. I can now see domain controllers from both forests, and I have access to log on to both domains.
 