Add the DNS of the trusted domain as a secondary zone and ask that it allow 
the zone to be downloaded.


GuidoElia
HELPPC

-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 13 November 2008 15.00
To: NT System Admin Issues
Subject: Re: How to create a trust?

On Thu, Nov 13, 2008 at 8:15 AM,  <[EMAIL PROTECTED]> wrote:
> We then did just as Microsoft (and you) said - the Properties tab of 
> the NYC domain's AD D&T tool.

  On my Win 2K servers, that's where I would go.

  Let's suppose you have domains <foo.example.com> and <bar.example.com>.

1. Log in to a computer on domain <foo.example.com> using an account with 
domain admin rights
2. Open Active Directory Domains and Trusts
3. Right-click the domain icon, choose "Properties"
4. "Trusts" tab.  There are two lists: "Domains trusted by this domain" and 
"Domains that trust this domain".
5. Click "Add" for "trusted by"
6. Enter the domain name <bar.example.com>, and a password for the trust.
7. Repeat steps 5 and 6 for the "trust this" list
8. Repeat steps 1 through 7 on domain <bar.example.com>, targeting domain 
<foo.example.com>

  Don't enter the angle-brackets, if that isn't obvious.  :)

  The trust password is just a shared secret unique to the trust, not a domain 
admin account password or anything else.

> Whatever, though, should both domains have started off with a DNS A 
> record pointing to each other's domains?

  You will need DNS working for both domains in both domains for AD to work 
properly.  However, I believe just adding an A record will not do it.  All the 
docs say AD uses SRV records to locate DCs, and I've never seen anything that 
leads me to think otherwise.

  Your best bet is to make sure each domain can fully resolve all DNS records 
in the other domain.  If the domains share a common parent domain, that can be 
done by making sure delegations (NS records) exist for each subdomain, and that 
those NS records are returned in each domain.  However, that won't work if the 
domains are private and don't share their DNS infrastructure.  If that's the 
case, and you're running Windows 2003 for DNS, you can configure your DNS 
servers for each one to forward queries for the specific domains to the DNS 
servers for the other domain.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
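
The point made in the quoted message, that a lone A record is not enough, as an added example that is not part of the thread: a Python check that the DC locator SRV records for the other domain resolve and that each SRV target also has an A record. The `lookup` callable and the zone contents are constructed stand-ins for a real DNS query; the SRV owner names are the standard ones domain controllers register.

```python
# Added example: the resolver and sample zones are constructed for illustration.
from typing import Callable, Dict, List, Tuple

Lookup = Callable[[str, str], List[str]]  # (name, rtype) -> list of record data

# Standard DC locator SRV owner names registered by domain controllers.
LOCATOR_SRV = (
    "_ldap._tcp.dc._msdcs.{d}",
    "_kerberos._tcp.dc._msdcs.{d}",
    "_ldap._tcp.pdc._msdcs.{d}",
    "_ldap._tcp.{d}",
    "_kerberos._tcp.{d}",
)

def check_domain(domain: str, lookup: Lookup) -> List[str]:
    """Return the problems found when resolving `domain` through `lookup`."""
    problems = []
    for template in LOCATOR_SRV:
        name = template.format(d=domain)
        answers = lookup(name, "SRV")
        if not answers:
            problems.append(f"missing SRV {name}")
            continue
        for rdata in answers:
            # SRV record data is "priority weight port target".
            target = rdata.split()[3].rstrip(".")
            if not lookup(target, "A"):
                problems.append(f"SRV {name} -> {target} has no A record")
    return problems

def zone_lookup(zone: Dict[Tuple[str, str], List[str]]) -> Lookup:
    """Resolver over an in-memory zone (stand-in for a real DNS query)."""
    return lambda name, rtype: zone.get((name.lower().rstrip("."), rtype), [])

# Constructed data: what foo's DNS servers can see of bar.example.com.
A_ONLY = {("bar.example.com", "A"): ["10.0.2.10"]}
FULL = {("dc1.bar.example.com", "A"): ["10.0.2.10"]}
for t in LOCATOR_SRV:
    port = 88 if "kerberos" in t else 389
    FULL[(t.format(d="bar.example.com"), "SRV")] = [f"0 100 {port} dc1.bar.example.com."]

if __name__ == "__main__":
    for label, zone in (("A record only", A_ONLY), ("full zone", FULL)):
        issues = check_domain("bar.example.com", zone_lookup(zone))
        print(label, "->", issues or "OK")
```

Run it from each side of the trust against the other domain's name, with `lookup` replaced by a function that queries that side's own DNS servers.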
