![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
7,023 questions
Hello
To establish a one-way trust between two domains, Domain A and Domain B, you can create a forest trust. This will allow users in Domain A to be authenticated in Domain B systems using their computer resources. Here are the steps you can follow to create a one-way forest trust:
1.Open Active Directory Domains and Trusts on the domain controller of Domain A.
2.In the console tree, right-click the domain node for the forest root domain of Domain A, and then click Properties.
3.On the Trusts tab, click New Trust, then click Next.
4.On the Trust Name page, type the DNS name (or NetBIOS name) of Domain B, and then click Next.
5.On the Trust Type page, select Forest trust, then click Next.
6.On the Direction of Trust page, select One-way:incoming. This means that users in Domain B will not be able to access any resources in Domain A.
7.Continue through the wizard to create the trust.
You mentioned that both Domain A and Domain B have Azure Active Directory with cloud sync to on-premises AD. It’s important to note that Azure AD DS only supports one-way transitive trusts where the managed domain will trust other domains, but no other directions or trust types are supported.
I hope this helps!