Thursday, 31 October 2013

Creating a Forest-Wide Trust in AD with Both Incoming and Outgoing Trust

Introduction:

After I had spent the last three days trying to get backups to go to an offsite location, the idea of creating a forest trust between the sites came up, which I spent another three days working on, but finally the whole issue is now in the past.
The company has three locations with three subnets, each having its own forest with a domain inside. This article covers the creation of a forest-wide trust between the three locations.
Note: make sure DNS is working by checking that all DNS servers are able to resolve names in the other domains. This is done by adding a conditional forwarder on each DNS server that points to the other servers:
- Open DNS Manager, right-click Conditional Forwarders and click New
- In the DNS Domain box, type the domain name, e.g. TechNet.local
- Where it says "click here to add an IP", type the IP addresses of the other DNS servers
- Select "Store this conditional forwarder in Active Directory, and replicate it as follows", then select "All domain controllers in this domain (for Windows 2000 compatibility)"
- Repeat the previous steps on all the DNS servers
CREATING THE FOREST TRUST

The following steps show how to create a forest trust between 3 forests, with all of them acting as both trusted and trusting, with both incoming and outgoing trust:
- Open Active Directory Domains and Trusts on one of the domain controllers
- Right-click the domain name, select Properties, then click the Trusts tab
- Click New Trust
- In the trust name box, type the DNS name of the domain you want to create the trust with
- For the type of trust, select Forest trust and click Next
- For the direction of trust, click Two-way
- For the sides of trust, select Both this domain and the specified domain, then click Next
- Provide a username and password for the specified domain
- In Outgoing Trust Authentication Level – Local Forest, select forest-wide, then click Next
- In Outgoing Trust Authentication Level – Specified Forest, select forest-wide, then click Next
- In the next screen, confirm the details and click Next to complete the creation
- In the next two screens you can confirm the outgoing and incoming trust if need be

To confirm the trust relationship and update routed names and suffixes, click the name of the trusted or trusting domain and click Properties.
Click the Validate button, click Yes to validate the incoming or outgoing trust, enter credentials for the specified domain and click OK.
Repeat the above procedure for the third forest, on the same forest that you were working on.
Lastly, on the second forest, follow the above procedure to update the trust between the second and third server.
Remember to update the root hints on each DNS server by adding the FQDNs and IP addresses of the other DNS servers. This is accessed through: open DNS Manager > right-click the DNS server > select Properties > click the Root Hints tab > click Add.
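
The DNS and trust settings from the steps above can also be checked from PowerShell. The script below is an added example, not part of the original post: the forest names are placeholders, and it assumes the ActiveDirectory module and the Resolve-DnsName cmdlet (Windows Server 2012 or later) are available on the domain controller where it runs.

```powershell
# Added example. Forest names are placeholders; replace with your own.
Import-Module ActiveDirectory
$partnerForests = @('forest2.example', 'forest3.example')

$report = foreach ($forest in $partnerForests) {
    # DNS check: the conditional forwarder must let this server locate
    # the partner forest's domain controllers through their SRV records.
    $dcs = @()
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$forest" -Type SRV -DnsOnly -ErrorAction Stop
        $dcs = @($srv | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
    } catch {
        Write-Warning "Cannot resolve DCs for ${forest}: $($_.Exception.Message)"
    }

    # Trust check: read the trust object stored in the local domain.
    $trust = Get-ADTrust -Filter "Name -eq '$forest'"

    # Compare the trust with what the wizard steps should have produced:
    # two-way, forest trust, forest-wide (not selective) authentication.
    $problems = @()
    if (-not $dcs)   { $problems += 'no SRV records (check conditional forwarder)' }
    if (-not $trust) { $problems += 'no trust object found' }
    else {
        if ($trust.Direction -ne 'BiDirectional') { $problems += "direction is $($trust.Direction)" }
        if (-not $trust.ForestTransitive)         { $problems += 'not a forest trust' }
        if ($trust.SelectiveAuthentication)       { $problems += 'selective, not forest-wide, authentication' }
    }

    [pscustomobject]@{
        Forest      = $forest
        DCsResolved = $dcs.Count
        Direction   = if ($trust) { $trust.Direction } else { $null }
        ForestTrust = if ($trust) { $trust.ForestTransitive } else { $null }
        ForestWide  = if ($trust) { -not $trust.SelectiveAuthentication } else { $null }
        Problems    = $problems -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap
```

Run it on a domain controller in each of the three forests, listing the other two as partners; an empty Problems column for both means DNS and the trust match what the steps above set up.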



