Establish a Windows domain trust relationship

Windows Domain Information Relationship creation Overview

Operating Environment: two independent domains (aa.com and bb.com) in Windows 2000 ).
The network segment of aa.com is 192.168.0.x, the IP address of the aa.com Domain Management Server is 192.168.0.1, and the machine name is aa.
The bb.com CIDR block is 192.168.3.x, the IP address of the bb.com Domain Management Server is 192.168.3.1, and the machine name is BB.
The two domains establish a connection using a VPN and can ping each other.
Objective: To establish a mutual trust relationship (the one-way trust relationship can also be referred to, basically the same ).

Procedure:

1. Create DNS. DNS must use the server instead of the public network, because domain resolution is required. Because the steps on aa.com and bb.com are the same, we only use aa.com as an example.
On 192.168.0.1, choose Administrative Tools> DNS> connect to computer> This computer (as a small company, domain servers are also used for DNS resolution ). Create a region> Active Directory integration region in the forward search area, enter aa.com, and the region file is named aa.com. DNS.
Right-click the newly created aa.com, select Properties> General, and change the value of dynamic update to yes.
Create a region in the forward search area-> standard secondary area, enter bb.com, IP address, and enter 192.168.3.1.
Right-click the newly created bb.com and select transfer from the master server.
In the reverse search area, create a region> directory integration area, enter network id192.168.0, and then complete.
Right-click the newly created 192.168.0.x subnet, select Properties> General, and change the value of dynamic update to yes.
Now the DNS of aa.com has been set up, and bb.com is also set up here.
Perform a test on 192.168.0.1. Note: DNS transmission may take some time. It is best to perform a test in half an hour to an hour.
(1) test domain name resolution: Ping aa.com
Normally

Pinging aa.com [192.168.0.1] with 32 bytes of data:

Reply from 192.168.0.1: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.0.1: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.0.1: bytes = 32 time <1 ms TTL = 64
Reply from 192.168.0.1: bytes = 32 time <1 ms TTL = 64
Ping statistics for 192.168.0.1:

Packets: Sent = 4, stored ED = 4, lost = 0 (0% loss ),

Approximate round trip times in Milli-seconds:

Minimum = 0 ms, maximum = 0 ms, average = 0 ms

This indicates that the aa.com domain has been resolved. If you ping bb.com, you can get a similar response, indicating that the bb.com domain has been resolved.

(2) test reverse search: NSLookup 192.168.0.1

Normally
Server: aa.aa.com
Address: 192.168.0.1

Name: aa.aa.com
Address: 192.168.0.1

If the test is successful on the bb.com Domain Server, you can establish a domain trust relationship.

2. Establish a domain trust relationship
You can view your domain aa.com in the management tools> Active Directory domain and trust relationship on the AA machine. In the Properties> trust, add bb.com to the domain trusted by this domain and the domain trusted by this domain.

Now we are done.

Note: If the server has two NICs, one of which is not needed, it is best to disable this Nic.
If it is used, use Route-P to specify the route direction.