{"id":1628,"date":"2015-12-04T15:43:54","date_gmt":"2015-12-04T20:43:54","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1628"},"modified":"2015-12-04T15:43:54","modified_gmt":"2015-12-04T20:43:54","slug":"1628","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=1628","title":{"rendered":""},"content":{"rendered":"<h1 class=\"title\">Create an External Trust<\/h1>\n<div id=\"ratingCounter\"><span id=\"rcA\" class=\"ratingText\">3 out of 6 rated this helpful<span class=\"Apple-converted-space\">\u00a0<\/span><span id=\"rateThisPrefix\">&#8211;<span class=\"Apple-converted-space\">\u00a0<\/span><\/span><a id=\"rateThisTopic\" title=\"Rate this topic\" href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc771580.aspx#feedback\">Rate this topic<\/a><\/span><\/div>\n<p>Updated: March 1, 2012<\/p>\n<p>Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012<\/p>\n<div id=\"mainSection\">\n<div id=\"mainBody\">\n<p>You can use the Active\u00a0Directory Domains and Trusts snap-in to create external trusts.<\/p>\n<p>Membership in<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Domain Admins<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, or<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Enterprise Admins<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at<a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=83477\">http:\/\/go.microsoft.com\/fwlink\/?LinkId=83477<\/a>.<\/p>\n<h2 class=\"heading\">Creating an external trust<\/h2>\n<div id=\"sectionSection0\" class=\"section\">\n<ul>\n<li class=\"unordered\"><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc771580.aspx#BKMK_winui\">Using the Windows interface<\/a><span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<li class=\"unordered\"><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc771580.aspx#BKMK_cmd\">Using a command line<\/a><span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<\/ul>\n<div class=\"subSection\">\n<div class=\"subSection\">\n<h4 class=\"subHeading\">To create an external trust using the Windows interface<\/h4>\n<div class=\"subSection\">\n<ol class=\"ordered\">\n<li>Open Active Directory Domains and Trusts. To open Active\u00a0Directory Domains and Trusts, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Start<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Administrative Tools<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Active\u00a0Directory Domains and Trusts<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.\n<p>To open Active Directory Domains and Trusts in Windows Server\u00ae 2012, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Start<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, type<span class=\"Apple-converted-space\">\u00a0<\/span><strong>domain.msc<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.<\/li>\n<li>In the console tree, right-click the domain node for the domain that you want to establish a trust with, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Properties<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.<\/li>\n<li>On the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Trusts<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>tab, click the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>New Trust<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Next<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.<\/li>\n<li>On the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Trust Name<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>page, type the Domain Name System (DNS) name (or NetBIOS name) of the domain, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Next<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.<\/li>\n<li>On the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Trust Type<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>page, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>External trust<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Next<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.<\/li>\n<li>On the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Direction of trust<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>page, do one of the following:\n<ul>\n<li class=\"unordered\">To create a two-way, external trust, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Two-way<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.\n<p>Users in this domain and users in the specified domain will be able to access resources in either domain.<\/li>\n<li class=\"unordered\">To create a one-way, incoming external trust, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>One-way:incoming<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.\n<p>Users in the specified domain will not be able to access any resources in this domain.<\/li>\n<li class=\"unordered\">To create a one-way, outgoing external trust, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>One-way:outgoing<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.\n<p>Users in this domain will not be able to access any resources in the specified domain.<\/li>\n<\/ul>\n<\/li>\n<li>Continue to follow the instructions in the wizard.<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<h4 class=\"subHeading\">Additional considerations<\/h4>\n<div class=\"subSection\">\n<ul>\n<li class=\"unordered\">To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active\u00a0Directory Domain Services (AD\u00a0DS), or you must have been delegated the appropriate authority. As a security best practice, consider using<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Run as<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>to perform this procedure. For more information, search for &#8220;using run as&#8221; in Help and Support.<\/li>\n<li class=\"unordered\">If you have the appropriate administrative credentials for each domain, you can create both sides of an external trust at the same time by clicking<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Both this domain and the specified domain<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>on the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Sides of Trust<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>page.<span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<li class=\"unordered\">If you want to allow users from the specified domain to obtain access to all the resources in this domain, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Allow authentication for all resources<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>on the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Outgoing Trust Properties<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>page. Use this option when both domains belong to the same organization.<\/li>\n<li class=\"unordered\">If you want to restrict users in the specified domain from obtaining access to any of the resources in this domain, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Allow authentication only for selected resources in the local domain<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>on the<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Outgoing Trust Properties<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>page. Use this option when each domain belongs to a separate organization.<\/li>\n<\/ul>\n<\/div>\n<h4 class=\"subHeading\">Additional references<\/h4>\n<div class=\"subSection\">\n<ul>\n<li class=\"unordered\"><a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/cc771568.aspx\">Managing Trusts<\/a><span class=\"Apple-converted-space\">\u00a0<\/span><\/li>\n<\/ul>\n<\/div>\n<div class=\"subSection\">\n<h4 class=\"subHeading\">To create an external trust using a command line<\/h4>\n<div class=\"subSection\">\n<ol class=\"ordered\">\n<li>Open a command prompt. To open a command prompt, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Start<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Run<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, type<span class=\"Apple-converted-space\">\u00a0<\/span><strong>cmd<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>OK<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.\n<p>To open a command prompt in Windows Server 2012, click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>Start<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, type<span class=\"Apple-converted-space\">\u00a0<\/span><strong>cmd<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>, and then click<span class=\"Apple-converted-space\">\u00a0<\/span><strong>OK<\/strong><span class=\"Apple-converted-space\">\u00a0<\/span>.<\/li>\n<li>Type the following command, and then press ENTER:\n<div id=\"code-snippet-1\" class=\"codeSnippetContainer\">\n<div class=\"codeSnippetContainerCodeContainer\">\n<div id=\"CodeSnippetContainerCode_97ce2708-43cd-4467-80ec-a2b5c56090a7\" class=\"codeSnippetContainerCode\" dir=\"ltr\">\n<div>\n<pre>netdom trust &lt;TrustingDomainName&gt; \/d:&lt;TrustedDomainName&gt; \/add<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Create an External Trust 3 out of 6 rated this helpful\u00a0&#8211;\u00a0Rate this topic Updated: March 1, 2012 Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 You can use the Active\u00a0Directory Domains and Trusts snap-in to create &#8230; <a class=\"more-link\" href=\"http:\/\/www.wildow.com\/blog\/?p=1628\">Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1628","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1628","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1628"}],"version-history":[{"count":1,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1628\/revisions"}],"predecessor-version":[{"id":1629,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1628\/revisions\/1629"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1628"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1628"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1628"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}