Friday, November 20, 2015

Create a Shortcut Trust

Membership in Domain Admins , or Enterprise Admins , or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

Creating a shortcut trust

To create a shortcut trust using the Windows interface

  1. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start , click Administrative Tools , and then click Active Directory Domains and Trusts .
    To open Active Directory Domains and Trusts in Windows Server® 2012, click Start , type domain.msc .
  2. In the console tree, right-click the domain node for the domain that you want to establish a shortcut trust with, and then click Properties .
  3. On the Trusts tab, click New Trust , and then click Next .
  4. On the Trust Name page, type the Domain Name System (DNS) name (or NetBIOS name) of the domain, and then click Next .
  5. On the Direction of Trust page, do one of the following:
    • To create a two-way shortcut trust, click Two-way .

      Users in this domain and users in the specified domain will be able to use this trust path.
    • To create a one-way incoming shortcut trust, click One-way:incoming .

      Users in the specified domain will not be able to use this trust path.
    • To create a one-way outgoing shortcut trust, click One-way:outgoing .

      Users in this domain will not be able to use this trust path.
  6. Continue to follow the instructions in the wizard.

Additional considerations

  • To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, search for "using run as" in Help and Support.
  • If you have the appropriate administrative credentials for each domain, you can create both sides of a shortcut trust at the same time by clicking Both this domain and the specified domain on the Sides of Trust page.

Additional references

To create a shortcut trust using a command line

  1. Open a command prompt. To open a command prompt, click Start , click Run , type cmd , and then click OK .
    To open a command prompt in Windows Server 2012, click Start , type cmd , and then click OK .
  2. Type the following command, and then press ENTER:
netdom trust <TrustingDomainName> /d:<TrustedDomainName> /add
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)