Establish a Forest Trust Relationship from scratch

Source: Internet
Author: User

Http://blog.163.com/yucheng-lai/blog/static/17638197200922494016831/

I did an experiment today. , In my experiment, Microsoft 2007vpc Constructed,
Mcse.com ip192.168.1.2/24 DNS Yourself
Msn.com ip192.168.1.1/24 DNS Yourself
As the virtual machine can communicate, it is set to the same network segment.
I,Improvement of kinetic energy between domain and forest
Run in two forest root domains respectively Domain. MSC
Right-click the domain name to increase the dynamic level of the domain, for example:

Here I upgraded 2003 Of

(If you do not perform this operation, Kerberos authentication will fail)
Then right-click- Active Directory Domain and trust relationship-increase the level of forest kinetic energy: as shown in Figure

It is also improved.
Note that the level of the Dynamic Level of the forest can be upgraded first. If the root domain has subdomain and out-of-charge domain control, the level of the Dynamic Level of the domain must be upgraded! (Before increasing the level of forest energy All domain control levels are required 2003 )
Msn.com


Same as above ~~~ Restart after upgrading(I don't seem to be able to work without restarting. I didn't prompt to restart my machine. I used win2k3 and win2k8)
Upgrade and restart!
II.InMcse.comAndMsn.comOfDNSTo create a secondary area
Recommended method 2

Method 1:
Mcse.com \ DNSCreateMsn.comAuxiliary area



Msn.comOfIP
Then
Add
Next step


Don't click Finish !!Open Msn.com Of DNS Expand forward search area, right-click Msn.com Properties-select region copy-select-Allow region copy-only to which of the following servers are allowed DNS Service to copy region information) Mcse.com Of IP -Add-OK.

Return Mcse.com Of DNS Point in! Or you can do this step first and then do the auxiliary area. ~ !
Both sides do the same.
Note: DNS "In this way, the domain controller of both parties can use DNS Find the other party to Establish a trust relationship"
Method 2
Yes DNS Forward!
Msn.com Settings
Right-click DNS Server name selection properties-forwarder-New-fill in ( Mcse.com ) OK
In IP Fill in the address list Mcse.com Of IP
Add OK For example:

Mcse.com Same as above!
Both of the above methods can be used.
III.In the domain and trust relationship, right-click the domain name and select attributes. In the trust tab, create a trust.


Enter the domain name you want to create and be trusted with"DNSSuffix"





If selective authentication is selected
You also need to set permissions for it.
You can runDSA. MSCGo to-View-advanced kinetic energy-you can set the corresponding permissions for extra security labels on Object Attributes!

Next step
Confirm outgoing trust This stepNo, do not confirm the outgoing trust
Confirm incoming TrustAlso,No, do not confirm incoming Trust

Done! Two-way forest trust in a single room
In each domain control, the trust relationship is automatically generated when the domain and trust relationship of the other party are well established!
Users of both forests can log on to the client of the other party,
Shared Resource Access from two forests!

The security tag location will have more trusted forests.
You can set the corresponding access permissions.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.