Sie sind auf Seite 1von 25

Two-way Transitive Trust

Trust relationship between two different domains


Trust: A relationship between different domains or forests that allow sharing of resources
between them.
Trust can be transitive or non-transitive.
Transitive Trust: Trust which can be extended to other domains in the forests.
Non- Transitive Trust: Trust which cannot be extended to other domains in the forests,
it is only between the two domains of different forests.
Types of Trusts
External Trust: Trust between only two domains in different forests, it is a non-
transitive trust.
Forest Trust: Trust between the forest root domains and it allows other domains in the
forest to share resources, it is a transitive trust.
Shortcut Trust: It is a kind of trust which allows users from different domains within
the same forest to access resources faster.
Realm Trust: It allows windows active directory network to trust Unix-based network.
Direction of Trust
ne-way Trust: etwork A trusts network !, and then network ! can access network A
only.
Two-way Trust: etwork A trusts network !, and vice versa, then both networks A and
! can access each other.
!onfi"uration of Trust
"or this scenario we have two different domains sysglobe.com and techsavvydiary.com, both the
domain controllers are initially configured like basic #$ configuration etc
Step-# !onfi"uration of Stub $one of both the DNS servers
Stub $one: It simply gives information about other #$ servers.
Trust Relationship between Two Diferent Domains Page 1

Two-way Transitive Trust
Configuring Stub zone on sysglobe.com
Start -> administrative tools -> DNS
Select: Forward looku zone -> !.click: New zone
Click: Ne"t
Trust Relationship between Two Diferent Domains Page 2

Two-way Transitive Trust
Select: Stub zone
Select: #o all DNS servers in t$e forest sysglobe.com
Trust Relationship between Two Diferent Domains Page 3

Two-way Transitive Trust
%nter t$e name of t$e domain wit$ w$om you want to create trust:
tec$savvydiary.com
Note: &f t$e correct domain name is not entered t$e stub zone will not be created.
%nter t$e &' of ot$er domain wit$ w$om you want to create trust:
Trust Relationship between Two Diferent Domains Page 4

Two-way Transitive Trust
C$eck t$is bo" if tec$savvydiary.com $as multile DNS servers
Stub zone is successfully created so click Finis$
Trust Relationship between Two Diferent Domains Page 5

Two-way Transitive Trust
!eeating same stes on tec$savvydiary.com DC( configuring stub zone for sysglobe.com
domain( )ust c$anging t$e zone name and &' address.
Step-% !onfi"uration of Trust
Trust Relationship between Two Diferent Domains Page 6

Two-way Transitive Trust
Note: !efore configuring Trust first check the "orest functional level, it must be same between
the two domains, and it must be atleast %&&'.
(hose any one of the domain, and configure Trust on it. Trust on the other domain will be
automatically configured.
Configuring #rust on sysglobe.com
Select: start -> administrative tools -> *ctive directory domains and trusts
Select: domain name i.e. sysglobe.com -> 'roerties
Trust Relationship between Two Diferent Domains Page

Two-way Transitive Trust
Select: #rusts
Select: New #rust
Trust Relationship between Two Diferent Domains Page !

Two-way Transitive Trust
Click Ne"t
%nter t$e name of t$e Domain wit$ w$om you want to create trust
Trust Relationship between Two Diferent Domains Page "

Two-way Transitive Trust
+ere it is tec$savvydiary.com
Select: Forest trust
Select: #wo-way
Trust Relationship between Two Diferent Domains Page 1#

Two-way Transitive Trust
Select: ,ot$ t$e domain and t$e secified domain
Note: #$is otion will create trust automatically on t$e ot$er domain
%nter t$e credential of t$e domain wit$ w$om you want to create trust.
Trust Relationship between Two Diferent Domains Page 11

Two-way Transitive Trust
i.e. tec$savvydiary.com
Select: Forest wide aut$entication
*gain select: Forest wide aut$entication
Trust Relationship between Two Diferent Domains Page 12

Two-way Transitive Trust
#rust selection is comleted so click ne"t
#rust relation is successfully created so click Ne"t.
Trust Relationship between Two Diferent Domains Page 13

Two-way Transitive Trust
Select: -es( confirm t$e outgoing trust
Select: -es( confirm t$e incoming trust
Trust Relationship between Two Diferent Domains Page 14

Two-way Transitive Trust
#rust is successfully comleted so click Finis$
.e can confirm from t$is window t$at our trust $as successfully created.
Trust Relationship between Two Diferent Domains Page 15

Two-way Transitive Trust
Step-& "ivin" permission to users to access each other domain
)e have users that are already created in the active directory on both the domain controllers.
"irst performing some steps on sysglobe.com, then same steps will be repeated on
techsavvydiary.com. )e will create a *lobal group and will put all the users in it, then will create
a Universal group and will make *lobal group member of it, then we will shift to
techsavvydiary.com and will create a #omain +ocal group, then will make Universal group of
sysglobe.com member of #omain +ocal group of techsavvydiary.com.
$tart -, administrative tools -, active directory users and computers
Trust Relationship between Two Diferent Domains Page 16

Two-way Transitive Trust
-U-, ..click , ew -, *roup
*iving name to *roup e.g. $*global and select *lobal from *roup scope
Trust Relationship between Two Diferent Domains Page 1

Two-way Transitive Trust
$elect all users -, ..click , Add to a group
$elect the *lobal group then clicks -/
Trust Relationship between Two Diferent Domains Page 1!

Two-way Transitive Trust
ow creating Universal group and making the *lobal group member of it
$elect0 -U -, ..click , ew -, *roup
*iving name to group e.g. $*universal and selecting Universal from *roup scope.
Trust Relationship between Two Diferent Domains Page 1"

Two-way Transitive Trust
$elect *lobal group-, ..click , Add to a group
$elect Universal group then click ok
Trust Relationship between Two Diferent Domains Page 2#

Two-way Transitive Trust
ow shifting to other domain i.e. techsavvydiary,com and creating #omain +ocal group.
$elect -U -, ..click, ew -, *roup
*iving name to group e.g. T$#local and selecting #omain local from the group scope.
Trust Relationship between Two Diferent Domains Page 21

Two-way Transitive Trust
$elect #omain local group -, ..click , 1roperties.
$elect 2embers tab then click Add
Trust Relationship between Two Diferent Domains Page 22

Two-way Transitive Trust
ow select +ocation
$elect domain that you want to give access e.g. sysglobe.com
Trust Relationship between Two Diferent Domains Page 23

Two-way Transitive Trust
$elect Universal group from that domain e.g. $*universal group from sysglobe.com
ow we have successfully added the universal group to the domain local group, now the users of
sysglobe.com can access the permitted resources in the techsavvydiary,com.
Trust Relationship between Two Diferent Domains Page 24

Two-way Transitive Trust
Trust Relationship between Two Diferent Domains Page 25