Do you have instructions on creating a trust between two Active Directory (AD) domains (Windows 2000 and Windows 2003), a two-way trust? The main concern here is there have to be some DNS records created before the trust steps are taken. For the example, please use the Windows 2000 domain as ABC.com and Windows 2003 as 123.AD.com. Thanks!
Okay. I made the assumption that the DNS servers are the Domain Controllers. I also assumed good connectivity between the DNS servers. We will call SERVERA the Domain Controller from ABC.com and Server1 from the 123.com domain. Here are the DNS steps that you could use:
- On Server1 log on and access DNS.
- Right Click on the zone 123.com and click properties.
- Go to the transfers section and configure the server to allow zone transfers to the SERVERA IP address.
- On SERVERA log on and access DNS.
- Right click on the zone ABC.com and click properties.
- Go to the transfers section and configure the server to allow zone transfer to the Server1 IP Address.
- Still on SERVERA, create a SECONDARY zone called 123.com.
- Indicate that the Master server for the 123.com zone is Server1.
- On Server1, create a zone called ABC.com.
- Indicate that the Master server for the ABC.com zone is SERVERA.
- Check that the Zones are correctly populated by accepting your changes and then double-clicking on the new zone.
You are now ready to set up the trust.
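The DNS steps above can also be run and verified from a command prompt. The following is an added example, not part of the original answer: it assumes `dnscmd.exe` from the Windows Support Tools is available, that the account used has DNS administration rights on both servers, that the ABC.com zone created on Server1 is a secondary zone, and it uses constructed placeholder IP addresses.

```batch
@echo off
rem Added example, not from the original answer.
rem Constructed placeholder addresses: replace with the real DC/DNS IPs.
set SERVERA_IP=192.0.2.10
set SERVER1_IP=192.0.2.20

rem Allow zone transfers of each primary zone ONLY to the other server's
rem address (/SecureList), rather than to any host that asks for them.
dnscmd Server1 /ZoneResetSecondaries 123.com /SecureList %SERVERA_IP%
dnscmd SERVERA /ZoneResetSecondaries ABC.com /SecureList %SERVER1_IP%

rem Create the secondary zones, naming the other server as the master.
dnscmd SERVERA /ZoneAdd 123.com /Secondary %SERVER1_IP%
dnscmd Server1 /ZoneAdd ABC.com /Secondary %SERVERA_IP%

rem Request a transfer from the master, then show each zone's state.
dnscmd SERVERA /ZoneRefresh 123.com
dnscmd Server1 /ZoneRefresh ABC.com
dnscmd SERVERA /ZoneInfo 123.com
dnscmd Server1 /ZoneInfo ABC.com

rem Check that each server now answers for the other domain's
rem domain controller locator (SRV) record.
nslookup -type=SRV _ldap._tcp.dc._msdcs.123.com %SERVERA_IP%
nslookup -type=SRV _ldap._tcp.dc._msdcs.ABC.com %SERVER1_IP%
```

Each `nslookup` query should return an SRV record naming the other domain's Domain Controller; if one does not, resolve that before starting the trust steps.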