
Server Administration 2012 Lab-39 Creating Forest Trust

TRUST RELATIONSHIP
Pre-requisites: Before working on this lab, you must have
1. A computer running Windows Server 2012 Domain Controller for MICROSOFT.COM.
2. A computer running Windows Server 2012 Domain Controller for IBM.COM.

Domain: MICROSOFT.COM
Domain: IBM.COM

SYS1
Domain Controller-MICROSOFT.COM
IP Address 10.0.0.1
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1
Alternate DNS 10.0.0.2

SYS2
Domain Controller-IBM.COM
IP Address 10.0.0.2
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.2
Alternate DNS 10.0.0.1


1. Go to Active Directory Domains and Trusts.
2. Right click the Domain name and select Properties.
3. Verify Domain and Forest functional level to be Windows Server 2012.
4. Select the Trusts tab and click New Trust.
5. On Welcome wizard, click Next.
6. In Trust Name, enter the name of the other forest (IBM.COM) and click Next.
7. Select Forest trust and click Next.
8. Select Two-way and click Next.
9. Select Both this domain and the specified domain and click Next.
10. Enter the Administrator name and password of the specified domain (IBM.COM) and click Next.
11. Select Forest-wide authentication for Local Forest and click Next.
12. Select Forest-wide authentication for Specified Forest and click Next.
13. Verify the Trust Selections and click Next.
14. Verify the Summary and click Next.
15. Select Yes, confirm the outgoing trust and click Next.
16. Select Yes, confirm the incoming trust and click Next.
17. Click Finish.
18. Check Outgoing and Incoming Trusts and click OK.


Verification:
1. Try to log on to MICROSOFT.COM domain computers or IBM.COM domain computers as users of the other domain.
Note: By default, users cannot log on to a D.C.
2. Log in as MICROSOFT\Administrator to the MICROSOFT.COM D.C. and allow IBM users to log on to the D.C. using the Domain Controller Security Policy in Group Policy Management (Allow log on locally policy).
3. Similarly, allow MICROSOFT.COM users to log on to the IBM.COM D.C. using the Domain Controller Security Policy of the IBM.COM D.C.
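
The trust built above can also be checked from PowerShell instead of by test logons. The script below is an added example, not part of the original lab; it assumes it is run on SYS1 in an administrator session with the ActiveDirectory module installed, and the $Partner and $expected names are chosen here for illustration.

```powershell
# Added example: audit the forest trust from this lab on SYS1 (MICROSOFT.COM D.C.).
# Assumes the ActiveDirectory module (RSAT-AD-PowerShell) and an admin session.
Import-Module ActiveDirectory

$Partner = 'IBM.COM'   # the other forest, as named in the lab

# DC locator records of the partner forest must resolve for the trust to work.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Partner" -Type SRV -ErrorAction SilentlyContinue
if (-not $srv) { Write-Warning "No DC locator SRV records found for $Partner; check DNS." }

# Read the trusted domain object that the New Trust wizard created.
$trust = Get-ADTrust -Filter "Target -eq '$Partner'"
if (-not $trust) { throw "No trust to $Partner found in this domain." }

# Settings chosen in the wizard and the values they should produce.
$expected = [ordered]@{
    ForestTransitive        = $true             # step 7: Forest trust
    Direction               = 'BiDirectional'   # step 8: Two-way
    SelectiveAuthentication = $false            # step 11: Forest-wide authentication
}
$findings = foreach ($name in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $name
        Actual   = "$($trust.$name)"
        Expected = "$($expected[$name])"
        Match    = "$($trust.$name)" -eq "$($expected[$name])"
    }
}
$findings | Format-Table -AutoSize

# trustAttributes bit 0x40 (TREAT_AS_EXTERNAL) relaxes SID filtering on a forest trust.
if ($trust.TrustAttributes -band 0x40) {
    Write-Warning "SID filtering is relaxed on the trust to $Partner (TREAT_AS_EXTERNAL is set)."
}

# Forest-wide authentication leaves access control to ACLs and user rights alone.
if (-not $trust.SelectiveAuthentication) {
    Write-Warning "Forest-wide authentication: any $Partner user can authenticate to any resource in this forest."
}

# Confirm the outgoing side of the trust is valid (throws if verification fails).
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().VerifyOutboundTrustRelationship($Partner)
Write-Output "Outbound trust to $Partner verified."
```

Running the same script on SYS2 with $Partner set to 'MICROSOFT.COM' checks the other side of the two-way trust.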
