forest trust

Question

Hi,

I have got below requirement. need guidance please:

1- Create a separate new forest

2- create trust with old forest

3- old forest polices should be applied to new forest

4- New forest users should not replicate to old forest

need guidance on above points please.

Regards

Answer 1

Hi,
For your questions:
1- Create a separate new forest
It is no related to the old one, just create the new one.
AD DS Role Installation
DC promotion
For more details you can refer to :
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-a-new-windows-server-2012-active-directory-forest--level-200-

2- create trust with old forest
To create a 2 way trust step by step ,you can refer to the following steps:

A, Set up Conditional Forwarders OR Secondary Zone. For step by step ,please refer to :
https://social.technet.microsoft.com/Forums/windowsserver/en-US/9e501d72-5457-421a-b81b-3a1f83ac7b0e/setup-of-trust-relationship-between-2-domains?forum=winservergen

B, Create the trust, you can refer to:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc780479(v=ws.10)

3- old forest polices should be applied to new forest
When a user in domain A logon to the workstations in domain B , and you want the user also policies applied to users ,we need to Enable the "Allow cross-forest User Policy and Roaming User Profiles" policy setting in the old domain .
Policy location: Computer Configuration>Administrative Templates>Group Policy> Allow Cross-Forest User Policy and Roaming User Profiles.

4- New forest users should not replicate to old forest.
We don't need any configuration for it as users will not replicate between forest.

Best Regards,