As you should know, the trust relationship between the domains in the ad (forest) that you create using WIN2003 defaults to a two-way trust that is transitive. So what should we do if there are two or more forests in the enterprise's application, and when there is a mutual resource access? Because the default is only in one forest in which two-way trust can be passed, two forests (AD) does not have this relationship, then we need to manually configure the trust relationship between the forest, so as to ensure the exchange of resources in different forests. For example, mergers between enterprises, two companies are using Ms AD to manage, So you can imagine that these two enterprises must be two before the forest, then now after the merger, how to let these two forest to establish a trust relationship? So what's the way to do that? So today we're going to learn how to create a trust relationship between forests!
Trust between forests in a forest is divided into external trusts and forest trusts
A The external trust is a non-transitive trust created between domains in different forests
B Forest trust is a trust established between Windows 2003 forest root domains, a trust established between Windows SERVER 2003 forest root domains, and provides a one-way or bidirectional transitive trust relationship between domains within any forest
1. Create an external trust
You need to set up a DNS forwarder before you create an external trust: Configure forwarders for each DNS server between a two-forest DC:
Can parse benet.com.cn in the Project field
Can parse project.lcom in Benet domain
A first we configure the DNS server settings forwarder on the DC of the aptech.com domain to forward the parsing work of all benet.net domains to the 192.168.6.6 machine: