Establish a Two-way Active Directory Trust
In this lesson we are going to establish a transitive two-way trust between ad.serveracademy.com and co.serveracademy.com.
In order to establish a trust between the two domains, we need to confirm the following:
- Each domain can resolve the other domain's DNS name
- You have network connectivity between the two domains
- You have domain admin credentials in both domains
Configuring the Active Directory Trust
We are going to configure the AD trust from SADC01 in ad.serveracademy.com. To get started, log in to that server and from Server Manager click Tools > Active Directory Domains and Trusts:
Now right-click the domain and select Properties:
Select the Trusts tab and then click New Trust…
Now enter the domain name under the Name field. In our case it will be co.serveracademy.com:
On the next page, we are going to select a Forest trust, which is a transitive trust:
On the Direction of Trust page, select a Two-way trust and click Next.
Since I have domain admin credentials ready for both domains, I am going to choose to create the trust in this domain and the specified domain (co.serveracademy.com). Choose this option, then click Next:
Now we need to enter the domain credentials for the other domain (co.serveracademy.com). I am going to enter the user account's FQDN, which is email@example.com:
Other ways you could enter this user name would be as shown below:
Now decide what authentication level you want for the outgoing trust. I want users in the co.serveracademy.com domain to automatically be able to access computers and resources in my ad.serveracademy.com domain, so I am going to choose forest-wide authentication for both the outgoing and incoming trust authentication levels:
Now we have a summary of the settings we have chosen. You may review them before clicking Next:
The next screen should show a successful creation of the trust:
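The DNS and connectivity prerequisites listed at the start, and the settings chosen in the wizard, can also be checked from PowerShell on SADC01. This is an added example, not part of the original lesson; it assumes the ActiveDirectory and DnsClient modules are present (they are on a domain controller), and the ports tested are a representative subset chosen for illustration, not a complete list.

```powershell
# Added example: run on SADC01 in ad.serveracademy.com as a domain admin.
Import-Module ActiveDirectory

$remoteDomain = 'co.serveracademy.com'

# 1. DNS: the remote domain's DC locator SRV record must resolve from this side.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$remoteDomain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$srv | Select-Object NameTarget, Port

# 2. Connectivity: LDAP (389), Kerberos (88) and SMB (445) to each remote DC.
#    Assumption: this subset is enough to show whether a firewall sits between the domains.
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in 389, 88, 445) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        '{0,-40} tcp/{1,-4} reachable={2}' -f $dc, $port, $r.TcpTestSucceeded
    }
}

# 3. After the wizard completes: read the trust object back and compare it
#    with the options selected in this lesson.
$trust = Get-ADTrust -Identity $remoteDomain
$trust | Format-List Name, Direction, ForestTransitive, SelectiveAuthentication, SIDFilteringQuarantined

$expected = @{
    Direction               = 'BiDirectional'  # Two-way trust
    ForestTransitive        = $true            # Forest trust
    SelectiveAuthentication = $false           # Forest-wide authentication
}
foreach ($key in $expected.Keys) {
    # Compare as strings so the enum and boolean values are handled the same way.
    if ("$($trust.$key)" -ne "$($expected[$key])") {
        Write-Warning "$key is '$($trust.$key)', expected '$($expected[$key])'"
    }
}
```

No warnings from step 3 means the trust object matches the two-way, forest, forest-wide authentication choices made above. Run steps 1 and 2 again from a domain controller in co.serveracademy.com with `$remoteDomain` set to ad.serveracademy.com to cover the other direction.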