Establish a Two-way Active Directory Trust
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
In this lesson we are going to establish a transitive two-way trust between ad.serveracademy.com and co.serveracademy.com.
In order to establish a trust between the two domains, we need to confirm the following:
- You can resolve each of the DNS domains from each domain
- You have network connectivity between the two domains
- You have domain admin credentials in both domains
Configuring the Active Directory Trust
We are going to configure the AD trust from SADC01 in ad.serveracademy.com. To get started, log in to that server and from Server Manager click Tools > Active Directory Domains and Trusts:
Now right-click the domain and select Properties:
Select the Trusts tab and then click New Trusts…
Now enter the domain name under the Name field. In our case it will be co.serveracademy.com:
On the next page, we are going to select a Forest trust which is a transitive trust:
On the Direction of Trust, select a Two-way trust and click Next.
Since I have domain admin credentials ready for both domains, I am going to chose to create the trust in this domain and the specified domain (co.serveracademy.com). Chose this option then click next:
Now we need to enter the domain credentials for the other domain (co.serveracademy.com). I am going to enter the user accounts FQDN which is administrator@co.serveracademy.com:
Other ways you could enter this user name would be as shown below:
- administrator@co
- co\administrator
- Co.serveracademy.com\administrator
Click Next.
Now decide what type of authentication level you want for the outgoing trust. I want users in the co.serveracademy.com domain to automatically be able to access computers and resources in my ad.serveracademy.com domain, so I am going to chose a forest-wide authentication for both the outgoing and incoming trust authentication levels:
Now we have a summary of the settings we have chosen, you may review them before clicking Next:
The next screen should show a successful creation of the trust:
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
