setup of trust relationship between 2 domains

Hannah Xiong 6,276 Reputation points
2020-08-07T07:40:24.42+00:00

Hello, we have 2 domains, each in their own location. There is a VPN connecting both sites, each domain with their own firewall, DNS and DHCP services. We would like to create a one-way trust relationship from Site A to Site B. After some research, we found discrepancies in the steps required to create a trust relationship. Does anyone have the correct steps required to create a trust relationship? Thank you.

Source: https://social.technet.microsoft.com/Forums/windowsserver/en-US/9e501d72-5457-421a-b81b-3a1f83ac7b0e/setup-of-trust-relationship-between-2-domains?forum=winservergen


Accepted answer
  1. Daisy Zhou 25,061 Reputation points Microsoft Vendor
    2020-08-07T08:19:29.683+00:00

    Hello,
    Thank you for posting here.

    Before establishing a forest/domain trust, we need to set up conditional forwarders OR a secondary zone.

    We recommend that the domain controller is also a DNS server.
    We can set up conditional forwarders or a secondary zone on the primary domain controller (DNS server) in both domains.

    For example, in my lab environment:

    Forest one: primary domain controller and DNS server, domain controller name: 2012R2, IP address 192.168.2.50, domain name: fabrikam.com.

    Forest two: primary domain controller and DNS server, domain controller name: 2019standard, IP address 192.168.3.50, domain name: a.com.

    Prerequisite:
    The domain name, FQDN and IP address can be pinged mutually.

    Create secondary zone:

    1. On the PDC of fabrikam.com, open the DNS server, right-click "Fabrikam.com" -> select "Properties" -> Zone Transfer -> Allow zone transfer to any server.
    2. Right-click DNS -> "Forward Lookup Zone" -> select "New Zone" -> Secondary Zone -> a.com and IP address; the results are as follows:
      16337-case33.png
    3. On the PDC of the a.com domain, right-click "a.com" -> select "Properties" -> Zone Transfer -> Allow zone transfer to any server.
    4. Right-click "Forward Lookup Zone" in DNS -> select "New Zone" -> Secondary Zone -> fabrikam.com; the result is as follows:
      16329-case35.png

    Set up conditional forwarders

    1. Open the DNS manager on the PDC of fabrikam.com, right-click "Conditional Forwarders" > "New Conditional Forwarders" > enter the other party's domain name and IP address.
    2. Open the DNS manager on the PDC of a.com, right-click "Conditional Forwarders" > "New Conditional Forwarders" > enter the other party's domain name and IP address.

    After setting up the conditional forwarder or secondary zone, we can refer to the link Tim provided to create the forest/domain trust.

    Best Regards,
    Daisy Zhou

    3 people found this answer helpful.
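
The DNS prerequisite from the accepted answer, scripted with the DnsServer PowerShell module as an added example (not part of the original answer), using the lab names and addresses given there. The function name `Set-TrustDnsPrerequisite` and its parameters are hypothetical; in the secondary-zone variant it allows zone transfers to the peer DNS server only, rather than to any server.

```powershell
#Requires -Modules DnsServer
# Added example: run on each domain controller / DNS server with that side's values.
# Set-TrustDnsPrerequisite is a hypothetical helper name, not a built-in cmdlet.
function Set-TrustDnsPrerequisite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$LocalZone,     # zone hosted on this server
        [Parameter(Mandatory)][string]$PeerZone,      # the other domain's zone
        [Parameter(Mandatory)][ipaddress]$PeerDnsIp,  # the other domain's DNS server
        [ValidateSet('Forwarder', 'Secondary')][string]$Mode = 'Forwarder'
    )

    $existing = Get-DnsServerZone -Name $PeerZone -ErrorAction SilentlyContinue

    if ($Mode -eq 'Forwarder') {
        # Conditional forwarder: queries for the peer zone are relayed to the peer
        # DNS server; no zone data is copied between the domains.
        if (-not $existing) {
            Add-DnsServerConditionalForwarderZone -Name $PeerZone -MasterServers $PeerDnsIp
        }
    }
    else {
        # Secondary zone: permit transfers of the local zone to the peer server only.
        Set-DnsServerPrimaryZone -Name $LocalZone `
            -SecureSecondaries TransferToSecureServers -SecondaryServers $PeerDnsIp
        if (-not $existing) {
            Add-DnsServerSecondaryZone -Name $PeerZone -ZoneFile "$PeerZone.dns" `
                -MasterServers $PeerDnsIp
        }
    }

    # Check that this server can now locate the peer domain's domain controllers.
    # In Secondary mode this succeeds only after the peer side has been configured too.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$PeerZone" -Type SRV `
        -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PeerZone        = $PeerZone
        Mode            = $Mode
        DcLocatorFound  = [bool]$srv
        DomainControllers = @($srv | Where-Object Type -eq 'SRV').NameTarget
    }
}

# On 2012R2 (fabrikam.com, 192.168.2.50):
Set-TrustDnsPrerequisite -LocalZone fabrikam.com -PeerZone a.com -PeerDnsIp 192.168.3.50
# On 2019standard (a.com, 192.168.3.50):
# Set-TrustDnsPrerequisite -LocalZone a.com -PeerZone fabrikam.com -PeerDnsIp 192.168.2.50
```

`DcLocatorFound` should be `True` on both servers before the trust wizard is started.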