Monday, August 13, 2018

Build trust relationship between two forests

Creating a trust relationship between two different forests is required in numerous scenarios. There are a few steps for this.

First, confirm the connectivity between the two domain controllers. Then name resolution must be in place so that each forest can resolve the other forest's domain name. There are a number of ways to do this.

  1. Conditional Forwarder
  2. Secondary Zone
  3. Stub Zone

The best solution is a stub zone, which is more secure (for more info: https://social.technet.microsoft.com/Forums/windowsserver/en-US/bf6b6f2b-a2da-4e85-970f-778180393fc4/dns-stub-zone?forum=winserverNIS). Follow the steps below to configure stub zones in the adatum.com and milestone.com domains.

DC in adatum.com

Open DNS Manager.
Expand the server and the Forward Lookup Zones folder.
Right click on the Forward Lookup Zones folder.
Click New Zone and click Next.
Select the Stub Zone radio button and click Next.
Select "To all DNS servers running on domain controllers in this forest: domain.com" and click Next.
Under Zone name, type the domain name of the other domain (in this example milestone.com).
In the master servers table, type the IP address of the other domain's domain controller, click Next, then click Finish.
You will see the other domain's folder (milestone.com) created inside Forward Lookup Zones.

DC in milestone.com

Do the same on this server, but in Zone name type adatum.com and in the master servers table type the IP address of the adatum.com DC.

Try to ping a client in the other domain using its FQDN to make sure the steps succeeded.
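The same DNS preparation can be scripted. The following is an added example and not part of the original post: it checks connectivity to the other forest's DC, creates the stub zone with the DnsServer module's Add-DnsServerStubZone cmdlet (the equivalent of the wizard steps above), and then verifies that the other forest's NS and domain-controller SRV records resolve. The forest name and the master server IP address are parameters with placeholder defaults; run it once on the adatum.com DC with milestone.com's values and once on the milestone.com DC with adatum.com's values.

```powershell
# Added example (not from the original post). Assumes an elevated session on a
# DC that runs the DNS Server role, with the DnsServer and DnsClient modules
# available. 192.0.2.10 is a documentation placeholder address, not a real DC.
param(
    [string]$RemoteForest    = 'milestone.com',   # the OTHER forest's DNS name
    [string[]]$RemoteMasters = @('192.0.2.10')    # the OTHER forest's DC(s)
)

Import-Module DnsServer
Import-Module DnsClient

# 1. Connectivity check to the remote DC on some of the TCP ports a forest
#    trust relies on: 53 DNS, 88 Kerberos, 135 RPC endpoint mapper, 389 LDAP,
#    445 SMB/Netlogon. (RPC dynamic ports are needed as well; this is a
#    quick sanity check, not a full firewall audit.)
foreach ($port in 53, 88, 135, 389, 445) {
    $r = Test-NetConnection -ComputerName $RemoteMasters[0] -Port $port -WarningAction SilentlyContinue
    '{0}:{1} reachable={2}' -f $RemoteMasters[0], $port, $r.TcpTestSucceeded
}

# 2. Create the stub zone for the remote forest. -ReplicationScope Forest is
#    the "To all DNS servers running on domain controllers in this forest"
#    option in the wizard. A stub zone holds only the remote zone's SOA, NS
#    and glue records; it never stores a copy of the remote zone's data,
#    which is why it is the lower-exposure choice compared with a secondary zone.
if (-not (Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerStubZone -Name $RemoteForest `
                          -MasterServers $RemoteMasters `
                          -ReplicationScope Forest
}

# 3. Verify: the zone is present and the remote forest's NS records and the
#    DC locator SRV record resolve through it. If the SRV lookup fails, the
#    trust wizard will not be able to find a DC in the other forest either.
Get-DnsServerZone -Name $RemoteForest | Format-Table ZoneName, ZoneType, IsDsIntegrated
Resolve-DnsName -Name $RemoteForest -Type NS
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV
```

On the milestone.com DC, run the script with -RemoteForest adatum.com and -RemoteMasters set to the adatum.com DC's address. The ping test from the post still applies afterwards; the SRV lookup at the end is the more useful check, because that is the record the trust wizard uses to locate a domain controller.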

Create Trust relationship

DC in adatum.com

Go to Active Directory Domains and Trusts, right click on the server and click Properties.
Select the Trusts tab and click the New Trust button.

In the New Trust Wizard, under Name, type the OTHER domain name (milestone.com) and click Next.
Then select Forest trust and click Next.
Select Two-way and click Next.
Select "Both this domain and the specified domain" and click Next.
In this window, type the administrator's (Enterprise Administrator) username and password.
The next step should be selected according to your security requirements; here I'm selecting Forest-wide authentication for both domains.
In the next two steps click Next.
In Confirm Outgoing Trust select Yes.
In Confirm Incoming Trust select Yes, click Next and then Finish.
In the Outgoing Trusts and Incoming Trusts panes you will see the other domain.

DC in milestone.com

Go to Active Directory Domains and Trusts, right click on the server and click Properties.
Select the Trusts tab.
In Outgoing Trusts and Incoming Trusts you will see adatum.com.


That's all. Now you have completed the trust relationship configuration. You can test it by logging in to a client PC in adatum.com using a user account from milestone.com (when typing the user name, type milestone\username).
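The trust itself can also be created and checked from PowerShell. This is an added example, not code from the original post: it uses the .NET System.DirectoryServices.ActiveDirectory API (there is no built-in cmdlet for creating a forest trust) to do what the wizard does with "Forest trust", "Two-way" and "Both this domain and the specified domain", and then verifies the result with the ActiveDirectory module's Get-ADTrust and with nltest. It assumes it runs elevated on the adatum.com DC as an Enterprise Admin of adatum.com, and that the credential prompt is answered with an Enterprise Admin account of milestone.com.

```powershell
# Added example (not from the original post). Run on the adatum.com DC as an
# Enterprise Admin; the prompt asks for an Enterprise Admin of the other forest.
$RemoteForest = 'milestone.com'
$RemoteCred   = Get-Credential -Message "Enterprise Admin account for $RemoteForest"

Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory

# A directory context for the remote forest, authenticated with its own
# admin credentials. This is the "specified domain" credential step of the wizard.
$ctx = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new(
    [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest,
    $RemoteForest,
    $RemoteCred.UserName,
    $RemoteCred.GetNetworkCredential().Password)

$localForest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$remoteForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)

# Create both sides of a two-way forest trust in one call (the wizard's
# "Both this domain and the specified domain" + "Two-way" choices).
$direction = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional
$localForest.CreateTrustRelationship($remoteForest, $direction)

# The post chooses Forest-wide authentication, which is what the API creates by
# default. The stricter alternative from the same wizard page, Selective
# authentication, would be enabled with the line below; it then requires the
# "Allowed to Authenticate" permission on each resource the other forest's
# users may reach, so only switch it on if you are prepared to grant that.
# $localForest.SetSelectiveAuthenticationStatus($RemoteForest, $true)

# Verify the secure channel in both directions; this throws if either side is broken.
$localForest.VerifyTrustRelationship($remoteForest, $direction)

# Show the trust as Active Directory stores it. SIDFilteringForestAware should
# be True: SID filtering is on by default for forest trusts and should stay on.
Get-ADTrust -Filter "Target -eq '$RemoteForest'" |
    Format-List Name, Direction, ForestTransitive, SelectiveAuthentication, SIDFilteringForestAware

# Locate a DC of the other forest through the new trust and DNS stub zone.
nltest /dsgetdc:$RemoteForest
```

Afterwards, Active Directory Domains and Trusts on the milestone.com DC shows adatum.com under both Outgoing Trusts and Incoming Trusts, exactly as in the manual procedure, and the client logon test from the post (milestone\username on an adatum.com PC) is still the final confirmation that authentication actually works across the trust.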
