
Server Administration 2012 Lab-39 Creating Forest Trust

TRUST RELATIONSHIP
Pre-requisites: Before working on this lab, you must have:
1. A computer running Windows Server 2012 as the Domain Controller for MICROSOFT.COM.
2. A computer running Windows Server 2012 as the Domain Controller for IBM.COM.

Domain: MICROSOFT.COM
Domain: IBM.COM

SYS1
Domain Controller: MICROSOFT.COM
IP Address: 10.0.0.1
Subnet Mask: 255.0.0.0
Preferred DNS: 10.0.0.1
Alternate DNS: 10.0.0.2

SYS2
Domain Controller: IBM.COM
IP Address: 10.0.0.2
Subnet Mask: 255.0.0.0
Preferred DNS: 10.0.0.2
Alternate DNS: 10.0.0.1


1. Go to Active Directory Domains and Trusts.
2. Right click the Domain name and select Properties.
3. Verify Domain and Forest functional level to be Windows Server 2012.
4. Select the Trusts tab and click New Trust.
5. On Welcome wizard, click Next.
6. In Trust Name, enter the name of the other forest (IBM.COM) and click Next.
7. Select Forest trust and click Next.
8. Select Two-way and click Next.
9. Select Both this domain and the specified domain and click Next.
10. Enter the Administrator name and password of the specified domain (IBM.COM) and click Next.
11. Select Forest-wide authentication for Local Forest and click Next.
12. Select Forest-wide authentication for Specified Forest and click Next.
13. Verify the Trust Selections and click Next.
14. Verify the Summary and click Next.
15. Select Yes, confirm the outgoing trust and click Next.
16. Select Yes, confirm the incoming trust and click Next.
17. Click Finish.
18. Check Outgoing and Incoming Trusts and click OK.


Verification:
1. Try to log on to MICROSOFT.COM domain computers or IBM.COM domain computers as users from the other domain.
Note: By default, users cannot log on to a D.C.
2. Log in as MICROSOFT\Administrator to the MICROSOFT.COM D.C. and allow IBM users to log on to the D.C. using the Domain Controller Security Policy in Group Policy Management ("Allow log on locally" policy).
3. Similarly, allow MICROSOFT.COM users to log on to the IBM.COM D.C. using the Domain Controller Security Policy of the IBM.COM D.C.
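
A scripted check that complements the manual verification above, added here as an example and not part of the original lab. It assumes the ActiveDirectory PowerShell module is installed on SYS1, that the session runs elevated as MICROSOFT\Administrator, and that the IBM.COM domain controller answers directory queries over the new trust; the function name Test-LabForestTrust is hypothetical.

```powershell
# Added example: run on SYS1 (MICROSOFT.COM D.C.) after step 18 of the lab.
Import-Module ActiveDirectory

function Test-LabForestTrust {
    param(
        [Parameter(Mandatory)] [string] $Server,        # forest whose trust object is read
        [Parameter(Mandatory)] [string] $TrustPartner   # forest named on that trust object
    )
    $trust = Get-ADTrust -Identity $TrustPartner -Server $Server -ErrorAction Stop

    # Each column maps back to a wizard choice made in the lab.
    [pscustomobject]@{
        ReadFrom        = $Server
        TrustPartner    = $trust.Name
        IsForestTrust   = [bool]$trust.ForestTransitive            # step 7: Forest trust
        IsTwoWay        = ($trust.Direction -eq 'BiDirectional')   # step 8: Two-way
        ForestWideAuth  = -not $trust.SelectiveAuthentication      # steps 11 and 12
        TrustAttributes = $trust.TrustAttributes                   # raw flags, for the record
    }
}

# DNS check: SYS1 must be able to locate the IBM.COM domain controllers.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.IBM.COM' -Type SRV -ErrorAction Stop |
    Where-Object NameTarget | Select-Object Name, NameTarget, Port

# Read the trust object on both sides, since the wizard created both.
$results = @(
    Test-LabForestTrust -Server 'MICROSOFT.COM' -TrustPartner 'IBM.COM'
    Test-LabForestTrust -Server 'IBM.COM'       -TrustPartner 'MICROSOFT.COM'
)
$results | Format-Table -AutoSize

# Validate the trust in both directions; this call throws if validation fails.
$local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$ctx    = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Forest', 'IBM.COM')
$remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
$local.VerifyTrustRelationship($remote, 'Bidirectional')

# Stop with an error if either side differs from what the lab configured.
$bad = $results | Where-Object { -not ($_.IsForestTrust -and $_.IsTwoWay -and $_.ForestWideAuth) }
if ($bad) {
    throw "Trust settings differ from the lab on: $($bad.ReadFrom -join ', ')"
}
'Forest trust matches the lab configuration on both sides.'
```

The ForestWideAuth column is the one to review when reusing this outside the lab: it is True because steps 11 and 12 chose Forest-wide authentication, and it reads False on a trust configured for selective authentication.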
