Server Administration 2012 Lab-39 Creating Forest Trust

TRUST RELATIONSHIP
Pre-requisites: Before working on this lab, you must have
1. A computer running Windows Server 2012 Domain Controller for MICROSOFT.COM.
2. A computer running Windows Server 2012 Domain Controller for IBM.COM.

Domain: MICROSOFT.COM
Domain: IBM.COM

SYS1
Domain Controller-MICROSOFT.COM
IP Address 10.0.0.1
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.1
Alternate DNS 10.0.0.2

SYS2
Domain Controller-IBM.COM
IP Address 10.0.0.2
Subnet Mask 255.0.0.0
Preferred DNS 10.0.0.2
Alternate DNS 10.0.0.1


1. Go to Active Directory Domains and Trusts.
2. Right click the Domain name and select Properties.
3. Verify Domain and Forest functional level to be Windows Server 2012.
4. Select Trusts tab, click New Trust.
5. On Welcome wizard, click Next.
6. In Trust Name, enter the name of the other Forest (IBM.COM) and click Next.
7. Select Forest trust and click Next.
8. Select Two-way and click Next.
9. Select Both this domain and the specified domain and click Next.
10. Enter Administrator and Password of Specified domain: IBM.COM and click Next.
11. Select Forest-wide authentication for Local Forest and click Next.
12. Select Forest-wide authentication for Specified Forest and click Next.
13. Verify the Trust Selections and click Next.
14. Verify the Summary and click Next.
15. Select Yes, confirm the outgoing trust and click Next.
16. Select Yes, confirm the incoming trust and click Next.
17. Click Finish.
18. Check Outgoing and Incoming Trusts and click OK.
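
The same two-way forest trust can be created and checked from PowerShell on SYS1 using the .NET `System.DirectoryServices.ActiveDirectory` classes. This is an added example, not part of the original lab; it assumes the lab's forest names and an elevated session run as a MICROSOFT.COM forest administrator, and it goes one step beyond the wizard by reporting the authentication scope and SID filtering state of the resulting trust.

```powershell
# Added example: forest names come from the lab (MICROSOFT.COM local, IBM.COM remote).
# Run on SYS1 in an elevated session as a MICROSOFT.COM forest administrator.
$remoteName = 'IBM.COM'
$direction  = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional

# Step 10: administrator credentials for the specified forest (prompted, never hard-coded).
$cred = Get-Credential -Message "Administrator account for $remoteName"
$ctx  = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
    [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest,
    $remoteName, $cred.UserName, $cred.GetNetworkCredential().Password)

$local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)

# Step 3: show the forest functional level on each side before creating the trust.
foreach ($f in $local, $remote) { '{0}: {1}' -f $f.Name, $f.ForestMode }

# Steps 6-9: create both sides of the two-way forest trust, unless one already exists.
$existing = $local.GetAllTrustRelationships() |
    Where-Object { $_.TargetName -eq $remoteName }
if (-not $existing) {
    $local.CreateTrustRelationship($remote, $direction)
}

# Steps 15-16: confirm outgoing and incoming trust; throws if either side fails.
$local.VerifyTrustRelationship($remote, $direction)

# Step 18 plus a security review of what was created.
# Forest-wide authentication (steps 11-12) shows up as SelectiveAuthentication = False.
$info = $local.GetAllTrustRelationships() |
    Where-Object { $_.TargetName -eq $remoteName }
[pscustomobject]@{
    SourceForest            = $info.SourceName
    TargetForest            = $info.TargetName
    TrustType               = $info.TrustType
    Direction               = $info.TrustDirection
    SelectiveAuthentication = $local.GetSelectiveAuthenticationStatus($remoteName)
    SidFilteringEnabled     = $local.GetSidFilteringStatus($remoteName)
}
```

The last two fields describe the outgoing side held by MICROSOFT.COM; run the same report on SYS2 against MICROSOFT.COM to see the IBM.COM side.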


Verification:
1. Try to log on to MICROSOFT.COM domain computers or IBM.COM domain computers as a user from the other domain.
Note: By default, users cannot log on to a D.C.
2. Log in as MICROSOFT\Administrator to the MICROSOFT.COM D.C. and allow IBM users to log on to the D.C. using the Domain Controller Security Policy in Group Policy Management (Allow Logon Locally policy).
3. Similarly, allow MICROSOFT.COM users to log on to the IBM.COM D.C. using the Domain Controller Security Policy of the IBM.COM D.C.
