Q

Step-by-Step on creating a trust between two AD domains' two-way trust

Our expert provides the steps to set up an Active Directory (AD) domain trust when DNS records need to be created before the trust.

Do you have instructions on creating a trust between two Active Directory (AD) domains' (Windows 2000 and Windows 2003) two-way trust? The main concern here is there has to be some DNS records created before the trust steps are taken. For the example please use Windows 2000 domain as ABC.com and Windows 2003 as 123.AD.com. Thanks!

Okay. I made the assumption that the DNS servers are the Domain Controllers. I also assumed good connectivity between the DNS severs. We will call SERVERA the Domain Controller from ABC.com and Server1 from the 123.com domain. Here are the DNS steps that you could use:

  1. On Server1 log on and access DNS.
  2. Right Click on the zone 123.com and click properties.
  3. Got to the transfers section and configure the server to allow zone transfers to the SERVERA IP address.
  4. On SERVERA log on and access DNS.
  5. Right click on the zone ABC.com and click properties.
  6. Go to the transfers section and configure the server to allow zone transfer to the Server1 IP Address.
  7. Still on SERVERA, create a SECONDARY zone called 123.com.
  8. Indicate that the Master server for the 123.com zone it Server1.
  9. On Server1, create a zone called ABC.com.
  10. Indicate that the Master server for the ABC.com zone is SERVERA.
  11. Check that the Zones are correctly populated by accepting your changes and then double-clicking on the new zone.

You are now ready to set up the trust.

Next Steps

RMS setup tips for multiple Active Directory domains

Synchronizing two Active Directory domains

How to maximize your AD domain design

This was first published in June 2005

Dig deeper on Microsoft Active Directory Design and Administration

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close