This recipe requires the Windows Server 2003 forest functional level in both forests.
You want to create a transitive trust between two AD forests. This causes the domains in both forests to trust each other without the need for additional trusts.
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click the forest root domain and select Properties.
Click on the Trusts tab.
Click the New Trust button.
After the New Trust Wizard opens, click Next.
Type the DNS name of the AD forest and click Next.
Select Forest trust and click Next.
Complete the wizard by stepping through the rest of the configuration screens.
> netdom trust <Forest1DNSName> /Domain:<Forest2DNSName> /Twoway /Transitive /ADD[RETURN] [/UserD:<Forest2AdminUser> /PasswordD:*][RETURN] [/UserO:<Forest1AdminUser> /PasswordO:*]
For example, to create a two-way forest trust from the AD forest rallencorp.com to the AD forest othercorp.com, use the following command:
> netdom trust rallencorp.com /Domain:othercorp.com /Twoway /Transitive /ADD[RETURN] /UserD:firstname.lastname@example.org /PasswordD:*[RETURN] /UserO:email@example.com /PasswordO:*
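After creating the trust with either method, it is worth confirming the prerequisite and the resulting trust settings. The following PowerShell script is an added example, not part of the original recipe. It uses the .NET System.DirectoryServices.ActiveDirectory classes, takes the forest names from the example above, and assumes it is run by an account that can read both forests.

```powershell
# Added example: audit the forest trust created by the recipe above.
# Forest names come from the recipe's example; change them for your environment.
$localName  = 'rallencorp.com'
$remoteName = 'othercorp.com'

function Get-ForestByName([string]$Name) {
    # Bind to a forest by DNS name using the caller's current credentials.
    $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', $Name)
    [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
}

$local  = Get-ForestByName $localName
$remote = Get-ForestByName $remoteName

# Prerequisite from the recipe: both forests must be at the
# Windows Server 2003 forest functional level (or higher).
foreach ($f in $local, $remote) {
    $tooLow = ('Windows2000Forest', 'Windows2003InterimForest') -contains "$($f.ForestMode)"
    '{0}: ForestMode={1} PrerequisiteMet={2}' -f $f.Name, $f.ForestMode, (-not $tooLow)
}

# Look up the trust object; the call throws if no forest trust to the target exists.
try {
    $trust = $local.GetTrustRelationship($remoteName)
} catch {
    Write-Warning "No forest trust from $localName to $remoteName was found: $($_.Exception.Message)"
    return
}

# Collect the properties that matter for a security review of the trust.
$report = New-Object PSObject -Property @{
    Source                  = $trust.SourceName
    Target                  = $trust.TargetName
    TrustType               = $trust.TrustType
    Direction               = $trust.TrustDirection
    SidFiltering            = $local.GetSidFilteringStatus($remoteName)
    SelectiveAuthentication = $local.GetSelectiveAuthenticationStatus($remoteName)
}
$report | Format-List

# The recipe creates a two-way forest trust; flag anything else.
if ($trust.TrustType -ne 'Forest' -or $trust.TrustDirection -ne 'Bidirectional') {
    Write-Warning 'Trust is not a two-way forest trust as created by the recipe.'
}
# With SID filtering off, SIDs from the other forest's SID history are honored here.
if (-not $report.SidFiltering) {
    Write-Warning 'SID filtering is disabled on this trust.'
}
```

Run it once from each forest, swapping the two names, because SID filtering and selective authentication are set per side of the trust.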
A new type of trust called a forest trust was introduced in Windows Server 2003. Under Windows 2000, if you wanted to create a fully trusted environment between two forests, you would have to set up individual ...