Objective
Provide a guideline on how to add a trusted domain to an existing domain so that a group of users from the trusted domain can be granted access permissions.
Prerequisites
- One existing domain controller (e.g. FQDN: netonboard.local)
Steps
Step 1: Establish a Connection Between The Two Domains
Prepare one new Windows Server and make sure Active Directory Domain Service is installed.
Next, promote the server as a root domain by creating a new forest (e.g. FQDN: sub.netonboard.local).
Then, on the existing domain (jasper.local) server, click on the Network icon and select Open Network and Sharing Center.
From there, go to Change adapter settings > right click Ethernet network > Properties > Select Internet Protocol Version 4 (TCP/IPv4) > Properties.
Configure a static IP with the following settings:
IP address > 192.168.13.202 (local server IP address; make sure the assigned IP is available and within the LAN range)
Subnet Mask > 255.255.255.0
Default Gateway > 192.168.13.254
Preferred DNS server > 192.168.13.202 (local server IP address)
Alternate DNS server > 8.8.8.8
Do the same for the trusted domain (sub.netonboard.local) with the following settings:
IP address > 192.168.13.201 (local server IP address; make sure the assigned IP is available and within the LAN range)
Subnet Mask > 255.255.255.0
Default Gateway > 192.168.13.254
Preferred DNS server > 192.168.13.201 (local server IP address)
Alternate DNS server > 8.8.8.8
Step 2: DNS Delegation and Adding Conditional Forwarding
On the primary domain controller (netonboard.local), go to Server Manager > Tools > DNS.
Then, under Forward Lookup Zones, right-click on the root domain and select New Delegation.
On the wizard screen, specify sub as the delegated domain.
On the Name Servers screen, click on Add and enter sub.netonboard.local as the server fully qualified domain name (FQDN). Select Resolve afterwards.
At that moment, the IP address of the trusted domain should be displayed and validated. Click OK.
Select Next and Finish.
You may be shown a pop-up message box stating that the delegation already exists. To verify, go to Forward Lookup Zones > netonboard.local and look for the delegated zone (e.g. sub).
Next, right-click Conditional Forwarder and select New Conditional Forwarder.
Specify the DNS domain you want DNS requests forwarded to (e.g. sub.netonboard.local) and the remote domain IP address (e.g. 192.168.13.201). Then click OK.
Create another Conditional Forwarder on the Trusted Domain pointing to the local Domain Controller.
DNS Domain > netonboard.local
IP Address > 192.168.13.202
Perform a ping test to the remote domain to ensure that a connection has been established between domains.
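The same network and DNS configuration from Steps 1 and 2, scripted in PowerShell as an added example (not part of the original guide). It assumes the adapter is named Ethernet and that the DnsServer module is present on both domain controllers; run each function elevated on the server it is named for.

```powershell
# Added example, not part of the original guide: Steps 1 and 2 in PowerShell.
# Assumes the adapter is named "Ethernet" and the DnsServer module is installed.

# --- Settings copied from the guide ---
$Root    = 'netonboard.local'       # existing (forest root) domain
$RootIP  = '192.168.13.202'
$Child   = 'sub.netonboard.local'   # trusted domain
$ChildIP = '192.168.13.201'
$Gateway = '192.168.13.254'
$AltDns  = '8.8.8.8'                # as in the guide; in production keep DC resolvers domain-only

function Set-DcStaticIp {
    param([string]$IPAddress, [string]$AlternateDns)
    # Step 1: static address, /24 mask (255.255.255.0), gateway, preferred DNS = self
    New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress $IPAddress `
        -PrefixLength 24 -DefaultGateway $Gateway | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' `
        -ServerAddresses @($IPAddress, $AlternateDns)
}

# Run on the primary domain controller (netonboard.local)
function Initialize-RootDc {
    Set-DcStaticIp -IPAddress $RootIP -AlternateDns $AltDns
    # Step 2: delegate "sub" to the trusted DC, then forward its queries there
    Add-DnsServerZoneDelegation -Name $Root -ChildZoneName 'sub' `
        -NameServer $Child -IPAddress $ChildIP
    Add-DnsServerConditionalForwarderZone -Name $Child -MasterServers $ChildIP
}

# Run on the trusted domain controller (sub.netonboard.local)
function Initialize-ChildDc {
    Set-DcStaticIp -IPAddress $ChildIP -AlternateDns $AltDns
    Add-DnsServerConditionalForwarderZone -Name $Root -MasterServers $RootIP
}

# Verification from either side: the remote domain must resolve through the
# forwarder to the expected address before the ping test means anything.
function Test-DomainLink {
    param([string]$RemoteDomain, [string]$RemoteIP)
    $resolved = (Resolve-DnsName -Name $RemoteDomain -Type A -ErrorAction Stop).IPAddress
    if ($resolved -notcontains $RemoteIP) {
        throw "$RemoteDomain resolved to '$resolved', expected $RemoteIP; check the forwarder"
    }
    Test-Connection -ComputerName $RemoteDomain -Count 2 -Quiet   # the guide's ping test
}

# Example: on the root DC after both sides are configured
# Initialize-RootDc; Test-DomainLink -RemoteDomain $Child -RemoteIP $ChildIP
```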
Step 3: Create a Folder and Assign Permission as Forest Domain User
On the forest domain (netonboard.local), create a new folder on your desktop.
Make sure to create a test user on the trusted domain (sub.netonboard.local).
Right-click the created folder > Sharing > Advanced Sharing.
Make sure to check Share this folder.
Click on Permissions and select Add.
Change the location to the remote domain (sub.netonboard.local) and select Advanced.
On the right, select Find Now; a list of users from the remote domain, including the test user that was created, will be displayed.