September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.17. Creating a Shortcut Trust Between Two AD Domains
Problem
You want to create a shortcut trust between two AD domains in the same forest or in different forests. Shortcut trusts can make the authentication process more efficient between two domains in a forest.
Solution
Using a graphical user interface
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click the domain you want to add a trust for, and select Properties.
Click on the Trusts tab.
Click the New Trust button.
After the New Trust Wizard opens, click Next.
Type the DNS name of the AD domain and click Next.
Assuming the AD domain was resolvable via DNS, the next screen will ask for the Direction of Trust. Select Two-way and click Next.
For the Outgoing Trust Properties, select all resources to be authenticated and click Next.
Enter and retype the trust password and click Next.
Click Next twice.
Using a command-line interface
> netdom trust <Domain1DNSName> /Domain:<Domain2DNSName>/Twoway /ADD[RETURN] [/UserD:<Domain2AdminUser> /PasswordD:*][RETURN] [/UserO:<Domain1AdminUser> /PasswordO:*]
To create a shortcut trust from the emea.rallencorp.com domain to the apac.rallencorp.com domain, use the following
netdom command:
> netdom trust emea.rallencorp.com /Domain:apac.rallencorp.com /Twoway /ADD[RETURN] /UserD:administrator@apac.rallencorp.com /PasswordD:*[RETURN] /UserO:administrator@emea.rallencorp.com /PasswordO:*
Discussion
Consider the forest in Figure 2-6. It has five domains in a single domain tree. ...