Creating Trust in Active Directory
The trust relationships can be created in Active Directory by launching New Trust Wizard from a domain to create external, realm, shortcut, or the forest trust. The procedure to create any kind of trust is almost same except a few configuration screens on the New Trust Wizard.
Follow the steps given below to create External trust:
- Click Start->Administrative Tools-> Active Directory Domains and Trusts to open the Active Directory Domains and Trusts snap-in, as shown in Figure 3-8.
- Right-click the domain for which you want to create trust and then select Properties from the menu that appears.
- Click Trusts tab and then click New Trust button, as shown in Figure 3-9.
The New Trust Wizard appears.
- Click Next on the welcome page. The Trust Name page appears, as shown in Figure 17:
- Provide the name of the domain with which you want to establish trust of this domain and click Next. The Trust Type page appears if the forest functional level is set to Windows Server 2008, as shown in Figure 3-11.
- Select External Trust option and click Next.
The Direction of Trust page appears with options of Two-way, one-way incoming, and one-way outgoing trusts, as shown in Figure 3-12. As their name suggests the users will be authenticated in both the domains, in the current domain and in the specified domain respectively.
- Select the direction of trust that you want to establish and click Next.The Sides of Trust page appears with following options if you select Two-way in the Direction of Trust page:
- This domain only: Allows you to create trust in local domain.
- Both this domain and the specified domain: Allows you to create trust in local domain and the specified domain. You can choose this option if you have trust creation privileges in the specified domain also.
- Select the desired side of trust option and click Next.The Outgoing Trust Authentication Level-Local page appears if you select Two-way option in the Direction of Trust page and This domain only option in Sides of Trust page. The page displays following two options:
- Domain-wide authentication: Allows you to authenticate all users of the domain for all the resources in the local domain
- Selective authentication: Allows you to provide specific authentication to each user.
- Select the desired authentication level and click Next. The Trust Password page appears.
- Provide a password for the trust in the Trust password field and then retype the password in the Confirm trust password field to confirm the password you have specified and click Next.
- Verify the trust settings on the Trust Selections Complete page that appears and click Next. The Confirm Outgoing Trust page appears.
- Select Yes, Confirm the outgoing trust option if you have created both sides of trust else select No, Do not confirm the outgoing trust option and click Next.The Confirm Incoming Trust page appears.
- Select Yes, Confirm the incoming trust option if you have created both sides of trust else select No, Do not confirm the incoming trust option and click Next.
- Click Finish in the Completing the New Trust Wizard page.The External trust will be created between the selected domains and will appear on the Trust tab of the Properties page.