Problem solve Get help with specific problems with your technologies, process and projects.

Step-by-Step on creating a trust between two AD domains' two-way trust

Our expert provides the steps to set up an Active Directory (AD) domain trust when DNS records need to be created before the trust.

Do you have instructions on creating a trust between two Active Directory (AD) domains' (Windows 2000 and Windows...

2003) two-way trust? The main concern here is there has to be some DNS records created before the trust steps are taken. For the example please use Windows 2000 domain as ABC.com and Windows 2003 as 123.AD.com. Thanks!

Okay. I made the assumption that the DNS servers are the Domain Controllers. I also assumed good connectivity between the DNS severs. We will call SERVERA the Domain Controller from ABC.com and Server1 from the 123.com domain. Here are the DNS steps that you could use:

  1. On Server1 log on and access DNS.
  2. Right Click on the zone 123.com and click properties.
  3. Got to the transfers section and configure the server to allow zone transfers to the SERVERA IP address.
  4. On SERVERA log on and access DNS.
  5. Right click on the zone ABC.com and click properties.
  6. Go to the transfers section and configure the server to allow zone transfer to the Server1 IP Address.
  7. Still on SERVERA, create a SECONDARY zone called 123.com.
  8. Indicate that the Master server for the 123.com zone it Server1.
  9. On Server1, create a zone called ABC.com.
  10. Indicate that the Master server for the ABC.com zone is SERVERA.
  11. Check that the Zones are correctly populated by accepting your changes and then double-clicking on the new zone.

Can you trust AD's trust relationships?

Troubleshooting a cross-forest trust in Active Directory

You are now ready to set up the trust.

Next Steps

RMS setup tips for multiple Active Directory domains

Synchronizing two Active Directory domains

How to maximize your AD domain design

Dig Deeper on Windows systems and network management