Trust Relationship between two W2k3 AD domains!

-

hello,

i've got 2 windows 2003 domains (labruh.com , labjed.com) want create 1 way trust between them i.e labruh.com must able authenticate in labjed.com (this way only).  ip configuration done , both domain controllers can ping each other.

what required steps in dns servers on both dcs? dns stub zone involved in here?

what steps involved in domains , trusts in both dcs?

appreciate tips!

 

you can create dns forwarders or allow zone transfers configure server allow zone , create secondary zone depending upon n/w bandwidth.
http://www.techrepublic.com/blog/window-on-windows/configuring-dns-forwarders-to-support-windows-server-2003-forest-trusts/501

both domain controllers must ping each other ip.proper routing necessary if resides in separate subnet
add dc1 secondary dns in tcp/ip property of dc2
add dc2 secondary dns in tcp/ip property of dc1
user account performing activity should have domain admin , enterprise admin rights.

ensure required ports are open.
http://support.microsoft.com/kb/17944

refer below link more details:
http://technet.microsoft.com/en-us/library/cc779045(ws.10).aspx
http://technet.microsoft.com/en-us/library/cc779840(ws.10).aspx
http://technet.microsoft.com/en-us/library/cc776940(ws.10).aspx


hope helps.

regards,
sandesh dubey.
-------------------------------
mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator
blog: http://sandeshdubey.wordpress.com
posting provided no warranties, , confers no rights.




Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering ...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more