
Trust between Domains Question

Author
18 Oct 2006 5:30 PM
Scott
I have 2 locations. Each location has its own Active Directory domain. I
would like users from either domain to be able to access files from either
domain. I have never done this with 2003 Server/Active Directory and it has
been forever since I set one up on NT 4. I will be installing a dedicated
point to point T1 between the 2 locations. What all needs to be set up for
security/name/dns resolution? I found trusts in Active Directory Domains and
Trusts but wasn't sure if it was as simple as adding the other domain in each
network.

Author
18 Oct 2006 5:48 PM
Paul Williams [MVP]
For the specifics on how to create the different types of trusts, see:
http://technet2.microsoft.com/WindowsServer/en/library/60867a61-47d6-4731-bb01-28df99314f5d1033.mspx?mfr=true


As for what needs to be in place, two main things:

DNS resolution (or NetBIOS resolution if you really want to for external
trusts)
RPC communication between the PDCe in each domain, and between DCs
thereafter.


As you have 2003, you have additional choices re. DNS.  Conditional
forwarding is a nice way of configuring DNS if the two environments have
different sets of admins, as it's the easiest.  Stub zones are a good idea,
or secondary zones if the amount of traffic is really high.  If there's more
than light load, I would consider an AD-Integrated Stub zone.

Before [attempting to] establishing the trust, ensure that you can resolve
_ldap._tcp.pdc._msdcs.domain-name.com from both sides, and that RPC, LDAP,
DNS, SMB (CIFS) and GC are enabled between the DCs that need to talk to one
another - this is always the PDCe for creation, but 2k and 2k3 DCs can
maintain the secure channel thereafter.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net http://forums.msresource.net
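
The pre-trust checks described in the reply above, written as a script. This is an added example, not part of the original thread. It assumes a current Windows PowerShell where the Resolve-DnsName and Test-NetConnection cmdlets are available, uses the standard TCP ports for the services the reply lists, and takes the remote domain name as a placeholder parameter.

```powershell
# Added example: pre-flight check before creating the trust. Run it on a DC in
# each domain, pointing at the *other* domain.
param(
    # Placeholder; replace with the DNS name of the remote domain.
    [string]$RemoteDomain = 'domain-name.com'
)

# Services the reply lists, mapped to their standard TCP ports.
# RPC is tested via the endpoint mapper only; the dynamic RPC port range
# negotiated after it is not probed here. DNS is probed over TCP only, on the
# assumption that the PDCe also runs the DNS service.
$ports = [ordered]@{
    'DNS'                 = 53
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'SMB (CIFS)'          = 445
    'GC'                  = 3268
}

# 1. The PDC emulator locator record must resolve from this side.
$srvName = "_ldap._tcp.pdc._msdcs.$RemoteDomain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Error "Cannot resolve $srvName : $($_.Exception.Message)"
    exit 1
}
if (-not $srv) { Write-Error "No SRV record returned for $srvName"; exit 1 }

# 2. Each listed service must be reachable on the PDCe the record points at.
$results = foreach ($rec in $srv) {
    foreach ($svc in $ports.GetEnumerator()) {
        $ok = Test-NetConnection -ComputerName $rec.NameTarget -Port $svc.Value `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            PDCe      = $rec.NameTarget
            Service   = $svc.Key
            Port      = $svc.Value
            Reachable = $ok
        }
    }
}
$results | Format-Table -AutoSize

# Non-zero exit if anything is blocked, so the check can gate a change script.
if ($results.Reachable -contains $false) { exit 1 }
```

A failed SRV lookup points at the DNS setup (conditional forwarder, stub or secondary zone); a resolved name with unreachable ports points at filtering on the link between the sites.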