Recreate trust relationship between two domains

Craig Garland 316 Reputation points
2022-11-08T02:00:53.877+00:00

Hi

We have two domains with a two-way trust: Domain A and Domain B.

The trust relationship was set up in 2003, when domain suffix routing was not supported. Since then the DC and domain have been updated to 2016 and 2012.

We would now like to be able to authenticate in Domain A from Domain B using a domain suffix in Domain B, e.g. username@mathieu.company.com

To do this we need to destroy the current trusted relationship and rebuild a new trust which will support domain suffix routing. I have tested this in UAT and it all worked without issue.

What we are worried about is this creating an issue where existing configuration is lost. E.g.: Domain B security groups configured in Domain A stop working as the SIDs have changed? Any other possible problems this might cause?

If anyone out there has rebuilt a trust between two domains, can you let me know if you had any problems? If anyone else has any information it would be appreciated.

Regards
Craig G


1 answer

  1. Thameur-BOURBITA 33,976 Reputation points
    2022-11-08T07:28:43.727+00:00

    Hi,

    When you rebuild a new trust relationship between two domains, cross-domain authentication will be broken during the rebuild.
    Once the trust is rebuilt, cross-forest and cross-domain authentication will be restored.

    > What we are worried about is this creating an issue where existing configuration is lost. E.g.: Domain B security groups configured in Domain A stop working as the SIDs have changed? Any other possible problems this might cause?

    The SID is still the same. When you remove the trust, you will see the SID of the Domain B security group in Domain A instead of its name, because there is no suffix name resolution through the trust. It's normal behavior when the trust is deleted.

    Please don't forget to mark helpful reply as answer

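A pre-change inventory for the concern raised in this thread, as an added example that is not part of the original question or answer: run in Domain A before the trust is removed, it records the current trust settings and every Domain A group that holds a Domain B principal by SID, so the same lists can be compared after the rebuild. The domain name `domainb.example` and the output folder are placeholders chosen for this example.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and a working trust.
Import-Module ActiveDirectory

# Assumption: placeholder DNS name for Domain B; replace with the real one.
$TrustedDomain = 'domainb.example'
$OutDir = Join-Path $env:TEMP ("trust-snapshot-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $OutDir | Out-Null

# 1. Record every trust object as it is today, for comparison with the rebuilt trust.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive, SelectiveAuthentication,
                  SIDFilteringQuarantined, SIDFilteringForestAware, TrustAttributes |
    Export-Csv (Join-Path $OutDir 'trusts.csv') -NoTypeInformation

# 2. Domain B's domain SID; the SID of every Domain B principal starts with it.
$DomainBSid = (Get-ADDomain -Server $TrustedDomain).DomainSID.Value

# 3. Foreign security principals in Domain A that point at Domain B,
#    with the Domain A groups they are members of.
Get-ADObject -Filter 'objectClass -eq "foreignSecurityPrincipal"' -Properties objectSid, memberOf |
    Where-Object { $_.objectSid.Value -like "$DomainBSid-*" } |
    ForEach-Object {
        $fsp = $_
        $sid = $fsp.objectSid
        # Resolve the name while the trust still works; with the trust removed
        # only the SID is displayed.
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = '<unresolved>' }
        foreach ($groupDn in $fsp.memberOf) {
            [pscustomobject]@{
                Sid          = $sid.Value
                ResolvedName = $name
                DomainAGroup = $groupDn
            }
        }
    } |
    Export-Csv (Join-Path $OutDir 'fsp-memberships.csv') -NoTypeInformation

Write-Output "Snapshot written to $OutDir"
```

This covers group memberships only; Domain B SIDs placed directly on file, share or GPO permissions are not listed by it.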
