Active Directory,  Windows Server

Create a Forest Trusts In Active Directory

Trusts in Active Directory allow objects from one Domain or Forest to access objects in another Domain or Forest and allows administrators. To setup a trust:

  • Login with a user in the Domain Admins group if you are setting up a Domain trust or Enterprise Admins if you are setting up a Forest trust (if you cannot use an account in one of these groups, you can use an account in the Incoming Forest Trust Builders group)
  • Open Administrative Tools
  • Open Active Directory Domains and Trusts
  • Right-click the name of the domain
  • Click Properties
  • Click on the Trust tab
  • Click New Trust
  • Click Next
  • Click on the Trust Name page
  • Type the DNS or NetBIOS name of the forest you are connecting to
  • Click Next.
  • Click on the Trust Type page
  • Click Forest trust
  • Click Next
  • Click on the Direction of Trust page
  • To create a two-way (transitive) forest trust, click Two-way or if you’d only like to share objects one-way, click One-way
  • If One-way, choose the direction of the trust
  • Click continue to complete the wizard

Once completed, click on the Trust tab to view the trust. Then open a group, go to add a member and click on the Location button. At this screen you should see your domain and then below it another that has an icon with three triangles, similar to the Hyrule logo in Zelda. In fact, a lot of Active Directory is similar to Zelda, such as where do I find that sword, where’s the shield, etc. Just without a princess…

Anyway, you can then limit who can access the trust using the Selective authentication options in the Outgoing Trust Properties page if needed.