Windows Server 2016 tips: setup trust between 2 domains


Schema:

- DC21: Domain Controller ( pns.vn ), IP: 10.0.0.21 | WIN1091 : Domain member ( pns.vn ) , IP: 10.0.0.91
- DC22: Domain Controller ( pnj.vn ), IP: 10.0.0.22 | WIN1092 : Domain member ( pnj.vn ) , IP: 10.0.0.92


Setup a trust between pns.vn  & pnj.vn


1)  ( DC21: Domain controller) - Server Manager  - Dashboard - click on Tools - click on DNS - DNS manager -  click on DC21 - click on Conditional Forwarders - under New Conditional Forwarder - under DNS domain, input " pnj.vn "- under IP addresses of the master servers, input " 10.0.0.22 "  - click OK - click on Conditional Forwarders , you should see " pnj.vn " .

2) Type " cmd " to load command prompt. Type " ping pnj.vn " on commandline. If it fails [ "Ping request cannot find host pnj.vn"], do this:-

(DC22: Domain controller) - type " wf.msc " to load Windows Firewall with Advanced Security - click on Windows Firewall Properties (under overview - which is in light blue) - under Domain Profile - change Firewall State to " off " - under Public Profile - change Firewall State to " off " - click " ok " which will close the Windows Firewall Properties dialogue box.

(DC21: Domain controller) - Type " ping pnj.vn " on commandline. If successful, done.

//  --------
Steps 1) & 2) allow DC21 (domain controller) to see DC22 (domain controller) & access DC22's domain member: WIN1092 ( pnj.vn ) IP: 10.0.0.92
----------- //

// ------------------------------------------------------------------------------------------------------//

A) ( DC22: Domain controller) - Server Manager - Dashboard - click on Tools - click on DNS - DNS manager - click on DC22 - click on Conditional Forwarders - under New Conditional Forwarder - under DNS domain, input " pns.vn " - under IP addresses of the master servers, input " 10.0.0.21 " - click OK - click on Conditional Forwarders , you should see " pns.vn " .

B) Type " cmd " to load command prompt. Type " ping pns.vn " on commandline.
If failure [ "Ping request cannot find host pns.vn"], do this:-

(DC21: Domain controller) - type " wf.msc " to load Windows Firewall with Advanced Security - click on Windows Firewall Properties (under overview - which is in light blue) - under Domain Profile - change Firewall State to " off " - under Private Profile - change Firewall State to " off " - under Public Profile - change Firewall State to " off " - click " ok " which will close the Windows Firewall Properties dialogue box.

//  --------
Steps A) & B) allow DC22 (domain controller) to see DC21 (domain controller) & access DC21's domain member: WIN1091 ( pns.vn ) IP: 10.0.0.91
----------- //
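
The PowerShell below is an added example, not part of the original post: it creates the conditional forwarder from step 1), then checks name resolution and the TCP ports a trust commonly needs one by one, so a failed ping can be traced to DNS or to a specific blocked port. It assumes an elevated prompt on DC21 with the DnsServer module present; on DC22 swap the two values to pns.vn / 10.0.0.21.

```powershell
# Added example (not from the original post). Domain and IP are from the Schema section.
$PeerDomain = 'pnj.vn'
$PeerDnsIp  = '10.0.0.22'

# Step 1) equivalent: create the conditional forwarder only if it is missing.
$zone = Get-DnsServerZone -Name $PeerDomain -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerConditionalForwarderZone -Name $PeerDomain -MasterServers $PeerDnsIp
}

# Name resolution: domain controllers of the peer domain are located through this SRV record.
# "Ping request cannot find host" means this lookup is what failed.
$srvName = "_ldap._tcp.dc._msdcs.$PeerDomain"
try {
    Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { 'DNS OK    {0} -> {1}' -f $srvName, $_.NameTarget }
} catch {
    'DNS FAIL  {0} : {1}' -f $srvName, $_.Exception.Message
}

# Connectivity: TCP ports commonly needed between the two domain controllers
# (TCP only; DNS and Kerberos also use UDP, and RPC uses dynamic ports after 135).
$ports = @(
    @{ Port = 53;  Service = 'DNS' }
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 135; Service = 'RPC endpoint mapper' }
    @{ Port = 389; Service = 'LDAP' }
    @{ Port = 445; Service = 'SMB' }
)
foreach ($p in $ports) {
    $r = Test-NetConnection -ComputerName $PeerDnsIp -Port $p.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'blocked or closed' }
    '{0,-4} {1,-20} {2}' -f $p.Port, $p.Service, $state
}

# Local firewall state per profile, to record what was changed in steps 2) and B).
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
```

If every port shows open while the firewall profiles are enabled, the trust can be created without changing Firewall State.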

 // ------------------------------------------------------------------------------------------------------//

3) ( DC21: Domain controller) - Server Manager - Dashboard - click on Tools - click on Active Directory Domains and Trusts - click on pns.vn - right-click on Properties - under pns.vn Properties - click on Trusts - click on New Trusts - under Welcome to New Trusts Wizard, click next - under Trust Name, input " pnj.vn " - click next - under Select the trust you want to create change to (x) Forest trust, click next - under Direction of Trust, select (x) Two-way, click next - under Outgoing Trust Authentication Level, select (x) Forest-wide authentication - click next - under Trust Password, input the password that you want to use, e.g: 123456 (not recommended) - click next - under Trust Selection Complete - click next - under The trust relationship was successfully created - click next - under Do you want to confirm the outgoing trust, select (x) Yes, confirm the outgoing trust - click next - under Do you want to confirm the incoming trust, select (x) Yes, confirm the incoming trust - click next - under Completing the New Trust Wizard, click Finish .

4)  ( DC21: Domain controller) - Server Manager  - Dashboard - click on Tools - click on Active Directory Domains and Trusts - click on pns.vn  - right-click on Properties - under pns.vn Properties - click on Trusts - under Domain trusted by this domain (outgoing trusts), click once on pnj.vn - the icons for Properties & Remove will be highlighted - under Domains that trust this domain (incoming trusts), click once on pnj.vn - the icons for Properties & Remove will be highlighted - click ok .

// --
Steps 3) & 4) have set up DC21: Domain controller to trust pnj.vn ( DC22: Domain controller )
-- //

// ---------------------------------------------------------------------------------------------------//


C) ( DC22: Domain controller) - Server Manager - Dashboard - click on Tools - click on Active Directory Domains and Trusts - click on pnj.vn - right-click on Properties - under pnj.vn Properties - click on Trusts - click on New Trusts - under Welcome to New Trusts Wizard, click next - under Trust Name, input " pns.vn " - click next - under Select the trust you want to create change to (x) Forest trust, click next - under Direction of Trust, select (x) Two-way, click next - under Sides of Trust, select (x) This domain only - click next - under Outgoing Trust Authentication Level, select (x) Forest-wide authentication - click next - under Trust Password, input the password that you want to use, e.g: 123456 (not recommended) - click next - under Trust Selection Complete - click next - under The trust relationship was successfully created - click next - under Do you want to confirm the outgoing trust, select (x) Yes, confirm the outgoing trust - click next - under Do you want to confirm the incoming trust, select (x) Yes, confirm the incoming trust - input the User Name & Password (for administrator account on pns.vn) - click next - under Completing the New Trust Wizard, click Finish .


D) ( DC22: Domain controller) - Server Manager  - Dashboard - click on Tools - click on Active Directory Domains and Trusts - click on pnj.vn - right-click on Properties - under pnj.vn Properties - click on Trusts - under Domain trusted by this domain (outgoing trusts), click once on pns.vn - the icons for Properties & Remove will be highlighted - under Domains that trust this domain (incoming trusts), click once on pns.vn - the icons for Properties & Remove will be highlighted - click ok .

// --
Steps C) & D) have set up DC22: Domain controller to trust pns.vn ( DC21: Domain controller )
-- // 
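
To check from the command line that the trust ended up with the settings picked in the wizard (two-way, forest trust, forest-wide authentication), the following added example, not part of the original post, reads the trust object and compares it with those choices. It assumes the ActiveDirectory module on DC21 and a domain admin session; swap the two domain names when running on DC22.

```powershell
# Added example (not from the original post). Domain names are from the Schema section.
Import-Module ActiveDirectory

$Local = 'pns.vn'
$Peer  = 'pnj.vn'

$trust = Get-ADTrust -Filter "Target -eq '$Peer'"
if (-not $trust) { throw "No trust object for $Peer found in $Local" }

# What the wizard choices in steps 3) and C) should have produced.
$expected = [ordered]@{
    Direction               = 'BiDirectional'  # Direction of Trust: Two-way
    ForestTransitive        = $true            # trust type: Forest trust
    SelectiveAuthentication = $false           # Forest-wide authentication
}
foreach ($name in $expected.Keys) {
    $actual = $trust.$name
    $state  = if ("$actual" -eq "$($expected[$name])") { 'OK      ' } else { 'MISMATCH' }
    '{0} {1,-24} expected={2} actual={3}' -f $state, $name, $expected[$name], $actual
}

# Other attributes worth recording next to the trust: SID filtering, TGT delegation
# and the encryption types the trust uses.
$trust | Format-List Source, Target, TrustType, SIDFilteringForestAware,
    SIDFilteringQuarantined, TGTDelegation, UsesAESKeys, UsesRC4Encryption

# Secure channel check from this domain controller to the peer domain.
nltest /sc_verify:$Peer
```

A MISMATCH on SelectiveAuthentication means the trust was created with selective rather than forest-wide authentication, which changes who can authenticate across it in steps 05) and 06).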

// ---------------------------------------------------------------------------------------------------//

To see if the trusts work:- 

00) (DC21 Domain member WIN1091) - login as administrator (e.g: PNS/Administrator) - click on File Explorer - click on PC - click on Local Disk (C:) - right-click New Folder - input " DATA_PNS" as folder name - right-click on DATA_PNS folder - click on Sharing - click on Advanced Sharing - select (x) share this folder - click on Permissions - under Share Permissions, under Permissions for everyone, select (x) Full Control (Allow) - click ok - under share this folder, click ok - under DATA_PNS properties, click on Security - under To change permissions, click on Edit - under Security, under Group or user names, click on Add - under Select Users, Computers, Service Accounts, or Groups , click Locations - under Locations, make sure pnj.vn exists, click ok - under Select Users, Computers, Service Accounts, or Groups , under Enter the object name to select, input a valid username (e.g. HiepPNJ HiepPNJ@pnj.vn) - click ok - under Security (Permissions for DATA_PNS), under permissions for HiepPNJ , select (x) Full control (Allow) - click ok - under Security (Permissions for DATA_PNS), under permissions for Authenticated Users, click on Close .


01) (DC21 Domain member WIN1091) - click on File Explorer - click on PC - click on Local Disk (C:) , click on DATA_PNS, right-click on New Document - input "Report_PNS" as document name - notepad (or whatever editor is set to default) will open, enter any text & Save .


02) (DC22 Domain member WIN1092) - login as administrator (e.g: PNJ/Administrator) - open file explorer - click on This PC - click on Local Disk (C:), right-click New Folder - input " DATA_PNJ" as folder name - right-click on DATA_PNJ folder - click on Sharing - click on Advanced Sharing - select (x) share this folder - click on Permissions - under Share Permissions, under Permissions for everyone, select (x) Full Control (Allow) - click ok - under share this folder, click ok - under DATA_PNJ properties, click on Security - under To change permissions, click on Edit , under Security, under Group or user names, click on Add - under Select Users, Computers, Service Accounts, or Groups , click Locations - under Locations, make sure pns.vn exists, click ok - under Select Users, Computers, Service Accounts, or Groups , under Enter the object name to select, input a valid username (e.g. HiepPNS HiepPNS@pns.vn) - click ok, under Security (Permissions for DATA_PNJ), under permissions for HiepPNS , select (x) Full control (Allow) - click ok - under Security (Permissions for DATA_PNJ), under permissions for Authenticated Users, click on Close .

03) (DC22 Domain member WIN1092) - click on File Explorer - click on PC - click on Local Disk (C:) , click on DATA_PNJ, right-click on New Document - input "Report_PNJ" as document name - notepad (or whatever editor is set to default) will open, enter any text & Save .

04) Log out of both WIN1091 (DC21) & WIN1092 (DC22) .

05) (DC21 Domain member pns.vn WIN1091) - login as hieppns - click on run (on start menu) - Input the following in Open:  \\10.0.0.92  - under file explorer for Network > 10.0.0.92 > data_pnj - if you can open Report_PNJ - done.

06) (DC22 Domain member pnj.vn WIN1092) - login as hieppns - click on run (on start menu) - Input the following in Open:  \\10.0.0.91  - under file explorer for Network > 10.0.0.91 > data_pns - if you can open Report_PNS - done.

