Lab done for a cross-forest AD two-way trust
Network configuration for the AD DC of domain abc.com
Network configuration for the AD DC of domain xyz.com
Network configuration for the router that will manage traffic between domain abc.com and domain xyz.com
You have to assign both network cards to the router machine
The firewall on it is also turned off
Ping from the router machine to the AD DC in xyz.com
Ping from the DC in abc.com to the router
Ping from the DC in xyz.com to the router
Ping from the DC in abc.com to the DC in xyz.com
Ping from the DC in xyz.com to the DC in abc.com
Ping from the Exchange server in abc.com to the DC in abc.com
Then ping to the DC in xyz.com
Then to the other Exchange server in xyz.com
Ping from the Exchange server in xyz.com to the DC in xyz.com
Then ping to the DC in abc.com
Then to the other Exchange server in abc.com
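The ping round described above can be scripted so the whole matrix is checked in one go. This is an added example, not part of the original lab; every host name and IP address in it is a constructed placeholder, and it is meant to be run from the DC in abc.com. Besides ICMP it also probes the TCP ports a forest trust relies on between the two DCs (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB), which is the check that matters once the router is passing traffic and the firewall question comes up.

```powershell
# Added example (not from the original lab): reachability matrix for the lab hosts.
# All names and IP addresses below are constructed placeholders; replace them with your lab values.
$labHosts = [ordered]@{
    'router-abc-side' = '10.0.1.1'
    'router-xyz-side' = '10.0.2.1'
    'dc1.abc.com'     = '10.0.1.10'
    'dc1.xyz.com'     = '10.0.2.10'
    'exch1.abc.com'   = '10.0.1.20'
    'exch1.xyz.com'   = '10.0.2.20'
}

# Well-known AD service ports a forest trust needs to reach on the remote DC.
$trustPorts = @{ DNS = 53; Kerberos = 88; RPC = 135; LDAP = 389; SMB = 445 }

function Test-LabReachability {
    # ICMP check against every host in the table; -Quiet returns $true/$false.
    param([System.Collections.IDictionary]$Targets)
    foreach ($entry in $Targets.GetEnumerator()) {
        $ok = Test-Connection -ComputerName $entry.Value -Count 2 -Quiet -ErrorAction SilentlyContinue
        [pscustomobject]@{ Host = $entry.Key; Address = $entry.Value; IcmpReachable = $ok }
    }
}

function Test-TrustPorts {
    # TCP check of the trust-related ports on the remote DC.
    param([string]$RemoteDc, [hashtable]$Ports)
    foreach ($svc in $Ports.Keys) {
        $r = Test-NetConnection -ComputerName $RemoteDc -Port $Ports[$svc] -WarningAction SilentlyContinue
        [pscustomobject]@{ Service = $svc; Port = $Ports[$svc]; TcpOpen = $r.TcpTestSucceeded }
    }
}

Test-LabReachability -Targets $labHosts | Format-Table -AutoSize
Test-TrustPorts -RemoteDc $labHosts['dc1.xyz.com'] -Ports $trustPorts | Format-Table -AutoSize
```

A host that answers ICMP but shows TcpOpen = False on 88 or 389 is the usual sign that a firewall between the forests, not routing, is what will make the trust wizard fail later.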
One important thing though: when you ping the FQDN from the DC in abc.com to the DC in xyz.com it doesn't work
And the same is the case vice versa
To overcome this, create DNS forwarders
Type in the IP address of the domain controller in XYZ.com and press the TAB key so that it auto-resolves the computer name
After some time you will see a green check mark next to it, as the IP resolves to the computer in the other network; then press the OK button
When you come back to the first page it will show you the computer name of the DC in the other forest
Now when you ping the FQDN of the domain controller in XYZ.com from the domain controller in ABC.com it will be successful
Do the same on the other DC as well
And here are the ping statistics showing positive results.
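The same forwarder setup and the FQDN check can be done from PowerShell. This is an added example rather than the lab's own steps (the lab used the DNS Manager GUI); it uses a conditional forwarder for the other forest's domain via the DnsServer module, which is the scripted equivalent of pointing xyz.com lookups at its DC. The remote DC IP is a constructed placeholder, and the script is meant to run elevated on the DC/DNS server of abc.com; the mirror image must be applied on the xyz.com side, exactly as the text says.

```powershell
# Added example (not part of the original lab): name resolution toward the other forest.
# Run on the DNS server/DC of abc.com in an elevated session. The remote DC IP is a placeholder.
$remoteDomain = 'xyz.com'
$remoteDcIp   = '10.0.2.10'

# Conditional forwarder: only queries for xyz.com go to its DC; all other resolution is unchanged.
if (-not (Get-DnsServerZone -Name $remoteDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $remoteDomain -MasterServers $remoteDcIp -ReplicationScope 'Forest'
}

function Test-RemoteForestDns {
    # Verifies not just the bare name but the SRV records Kerberos and LDAP clients look up;
    # a trust that pings fine but lacks these records will still fail at creation or logon.
    param([string]$Domain, [string]$DnsServer = '127.0.0.1')
    $checks = @(
        @{ Name = "_ldap._tcp.dc._msdcs.$Domain";     Type = 'SRV' },
        @{ Name = "_kerberos._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
        @{ Name = $Domain;                             Type = 'A'   }
    )
    foreach ($c in $checks) {
        $answer = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $DnsServer -ErrorAction SilentlyContinue
        [pscustomobject]@{ Query = $c.Name; Type = $c.Type; Resolved = [bool]$answer }
    }
}

Test-RemoteForestDns -Domain $remoteDomain | Format-Table -AutoSize
```

If the GUI route in the text was the server-wide Forwarders tab instead, the cmdlet counterpart is Add-DnsServerForwarder; the conditional forwarder is the narrower choice because it does not send unrelated Internet lookups to the other forest's DC.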
Now we will create the cross-forest two-way trust. We will start creating it on the first domain controller in forest ABC.com
Right-click on the domain name in the 'Active Directory Domains and Trusts' snap-in and click on Properties
In the Properties dialog box click on the 'Trusts' tab and then click the New Trust button at the bottom.
This is a very important step. You have to mention only the domain name of the other forest in the field below, like I did, as it is a forest-wide trust
Select the option Forest trust below and click Next
Then select Two-way trust and click Next
Then click on the option 'Both this domain and the specified domain'
Now you have to enter the password of the system administrator of the other forest, as the query for authentication will reach the remote forest to create the two-way trust.
Once done, click on the option 'Selective authentication'
Then select the option 'Forest-wide authentication'
Once the trust wizard reaches its completion, you will have the summary displayed
Once you click the Next button you will have the result summary displayed, confirming that the trust has been created successfully.
Select the option Yes to confirm the outgoing trust.
Do the same for the incoming trust as well.
End of the wizard. Click the Finish button
When you come back to the page you will have the domain name listed under the Trusts section
And when you go to the domain controller of the other forest you do not need to re-run the trust creation wizard, as the trust is already created there because we selected the option 'Two-way trust' and entered the credentials of the remote forest's administrator
Now it's time to validate the trust
When you click the Validate button, enter the credentials of the remote forest's administrator
At the next prompt, to enable name suffix routing for the trust, click Yes
The same has to be done in the XYZ.com forest as well.
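The wizard steps above (create the two-way forest trust with the remote administrator's credentials, then validate it) can be reproduced from a DC in abc.com with the System.DirectoryServices.ActiveDirectory API. This is an added example and not the lab's own procedure; the forest names are the lab's, the remote account name is a placeholder, and it assumes Enterprise Admins membership in abc.com plus the ActiveDirectory module for the final read-back. It also exposes the choice the wizard makes in the authentication step: the lab picked forest-wide authentication, and the script shows where the more restrictive selective authentication would be set instead.

```powershell
# Added example (not the lab's own steps, which used the Domains and Trusts GUI).
# Run on a DC in abc.com as an Enterprise Admin. 'XYZ\Administrator' is a placeholder account name.
Add-Type -AssemblyName System.DirectoryServices

$remoteForestName = 'xyz.com'
$remoteCred = Get-Credential -Message "Administrator of $remoteForestName" -UserName 'XYZ\Administrator'

$localForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
    [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest,
    $remoteForestName, $remoteCred.UserName, $remoteCred.GetNetworkCredential().Password)
$remoteForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)

# Create both halves at once. The remote credentials let the API write the inbound half in
# xyz.com, which is why the wizard did not have to be re-run on the other forest's DC.
$direction = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional
$existing = $localForest.GetAllTrustRelationships() | Where-Object { $_.TargetName -eq $remoteForestName }
if (-not $existing) {
    $localForest.CreateTrustRelationship($remoteForest, $direction)
}

# Equivalent of the Validate button: checks the trust secret in both directions, throws on failure.
try {
    $localForest.VerifyTrustRelationship($remoteForest, $direction)
    Write-Output "Trust with $remoteForestName verified ($direction)."
} catch {
    Write-Warning "Trust verification failed: $($_.Exception.Message)"
}

# Authentication level. $false = forest-wide (what the lab chose): every xyz.com user is treated
# as Authenticated Users in abc.com. $true = selective: xyz.com users can only reach computers
# where they were explicitly granted 'Allowed to Authenticate'.
$useSelective = $false
$localForest.SetSelectiveAuthenticationStatus($remoteForest, $useSelective)

# Read the trust back as AD stores it (ActiveDirectory module).
Get-ADTrust -Filter "Name -eq '$remoteForestName'" |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication, TrustType
```

For a lab, forest-wide authentication is the quickest way to get the cross-forest logon in the next step working; on a production trust, selective authentication keeps the other forest's users from authenticating to every member server by default.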
Now I'll show you a user named User1 from domain ABC.com logging into a system that is domain-joined in XYZ.com
And of course the other user names can also log into the same machine