Let’s see how to build a “Two way Transitive Trust” . You need to have a proper DNS resolution working two way.
There are different types of trusts, “Two way Transitive Trust“ is the most used and less complicated trust where both the organizations will have all the permissions over the organizations. It doesn’t fit all the scenarios. But most of them.
This will be the Initial Step if your going to do a cross forest migration between two messaging environments or migrate your Active Directory into single domain or coexist to share permissions between two forest.
Source domain – sourceazure365pro.com
Target Domain – targetazure365pro.com
Open Active Directory Domains and Trusts.
Start – Administrative Tools – Active Directory Domains and Trusts
Click on “New Trust”
Am Typing the “Netbios” or root the domain name name of the Target forest
Click on Forest Trust
Click on “Two-way” as we are going to setup – Two way Transitive Trust
Click on “Both this domain and the Specified domain”
Type the Target domain Administrator Credentials
domainname\username
password
Click on “Forest-Wide Authentication”
Outgoing Trust Authentication Level – Local Forest
Outgoing Trust Authentication Level – Specified Forest
In the confirm outgoing trust, choose Yes, Confirm the outgoing trust option. Click Next.
In the confirm incoming trust, choose Yes, Confirm the incoming trust option. Click Next.
Choose Yes
The trust relationship has been created successfully in this domain controller. Click Finish.
You can now view the trust relationship from the trusts tab as shown above
You can test by sharing the folder from source domain to target domain or vice versa. Assigning permission to users located from the other side of the forest.
You can see the trusts has been created
After Creation “ Click on Validate to verify the Trusts”
Enter the Target domain Credentials
Its always good to validate the trusts , as a confirmation , that we did the right thing
Choose Yes
Now you can see the Trusts populated in the target domain
Two way transitive Trusts between domains is valid and active now.
Hello,
After proceeding with your steps at the final stage i get Cannot logon error between domains
Is there something i miss? Also when i follow your instructions i dot see the windows showed in images 9 and 10.
Both of my servers run under:
Windows server 2008 r2 enterprise
Exchange server 2010 sp1
All I want to move the users from first server to my newly installed server. If there is another way for moving all the accounts from source server to destination server would save me a lot of time asking experts will help me a lot thanks 🙂
They are in Different domains ? or you are trying to switchover to a new hardware ?
Hai,
i follwed your steps it works fine for me……… Thanks
Hi, Can you please confirm what are the Ports/Network pre-requisites for establishing Firest trust between 2 domains.