You have two separate Active Directory forests and you wish to create a trust between a domain in one forest and a domain in the other.
You need to know the following before proceeding:
- For Domain A, a user account that has domain admin rights.
- The DNS domain name of domain A (e.g., exampleA.local).
- For Domain B, a user account that has domain admin rights.
- The DNS domain name of domain B (e.g., exampleB.local).
- Whether you need a one-way or two-way trust.
Let’s now build the trust.
Before proceeding, you need to ensure that the networks/forests on both sides have access to each other's DNS information! Otherwise, you will never succeed. DNS will contain all of the SRV records that the trusts will rely on. Typically, this is done by creating a domain forwarder between each DNS zone (e.g., DNS A will have a forwarder set up to DNS B in forest B, and DNS B will have a forwarder to DNS A in forest A).
Once that is done:
- Log into a DC in domain A.
- Start Active Directory Domains and Trusts.
- Right-click domain A and click Properties.
- Click on Trusts.
- Click on New Trust.
- The New Trust Wizard will open. Click Next.
- You need to type in the DNS domain name of domain B. Click Next.
- Next, the direction of the trust is defined. For us, we’ll be using a Two-Way trust. Click Next.
- We’ll go ahead and create both sides of the trust now. Technically, you could create the incoming trust here and let the forest B admin define their trust to you, but it’s easier and faster to just define both now. We’ll click on Both. Click Next.
- In the User Name and Password fields, the wizard is asking you for the forest B admin credentials so it can create the trust on the other side. Enter that information now and click Next.
- The trusts are ready to be created. Click Next.
- After creation, the wizard will ask you if you wish to confirm the trusts. Generally, you want to say Yes. Click Next.
- Assuming all went well, the wizard is done. Click Finish.
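The DNS prerequisite and the wizard's confirmation step can also be checked from PowerShell. The script below is an added example, not part of the original article: the helper names `Test-DcLocatorRecord` and `Get-TrustSummary` are hypothetical, `192.0.2.10` is a placeholder for a DNS server in forest B, and it assumes the DC in domain A runs the DNS Server role and has the DnsServer and ActiveDirectory modules installed.

```powershell
# Added example. Run in an elevated PowerShell session on a DC in domain A.
# Domain names are the article's examples; 192.0.2.10 is a placeholder
# (documentation address range) for a DNS server in forest B.
$LocalDomain  = 'exampleA.local'
$RemoteDomain = 'exampleB.local'
$RemoteDns    = '192.0.2.10'

function Test-DcLocatorRecord {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Server   # optional: query this DNS server instead of the default resolver
    )
    # DC locator SRV record; trust creation fails if this cannot be resolved.
    $query = @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV'; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try {
        $srv = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
        return [bool]$srv
    } catch {
        Write-Warning "No SRV records found for ${Domain}: $($_.Exception.Message)"
        return $false
    }
}

function Get-TrustSummary {
    # Call after the wizard finishes: shows the trust object and its direction.
    Get-ADTrust -Filter "Name -eq '$RemoteDomain'" |
        Select-Object Name, Direction, TrustType, ForestTransitive, SelectiveAuthentication
}

# 1. Create the forwarder to forest B only if this DNS server has no zone for it yet.
if (-not (Get-DnsServerZone -Name $RemoteDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteDomain -MasterServers $RemoteDns
}

# 2. Check name resolution in both directions before opening the New Trust Wizard.
$aSeesB = Test-DcLocatorRecord -Domain $RemoteDomain
$bSeesA = Test-DcLocatorRecord -Domain $LocalDomain -Server $RemoteDns
if ($aSeesB -and $bSeesA) {
    Write-Output 'DNS is ready in both directions; proceed with the New Trust Wizard.'
} else {
    Write-Output "DNS not ready: A resolves B = $aSeesB, B resolves A = $bSeesA"
}
```

Once the wizard reports success, run `Get-TrustSummary` in the same session and confirm that `Direction` matches the one-way or two-way choice you made.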