Monday, November 16, 2009

How to Join Two Domains

Domains by default are unable to communicate with other domains, which means somewhere in domain DOP1 cannot access any resource that is part of domain DOP2. Before a trust relationship is configured
(A) an administrator in DOP1 cannot give permission to any user of domain DOP2 for files or printers

(B) a user of domain DOP2 cannot sit at a workstation that is part of domain DOP1 and login

After a trust relationship is defined, say DOP1 trusts DOP2 the following happens

(A)users of domain DOP2 can sit at a workstation that is part of domain DOP1 and login to their own domain DOP2 (it will be displayed in the domain dropdown box)

(B)an administrator of domain DOP1 can grant permission to any user of domain DOP2 to file and print resources
(C)users of domain DOP2 are included in the Everyone group of domain DOP1

In the example above DOP1 is the trusting domain, and DOP2 is the trusted domain.
Also the above is a one-way trust relationship, i.e. while domain DOP2 users can use domain DOP1 resources, users of domain DOP1 cannot use domain DOP2 resources. A two-way relationship would allow each domain to access resources of the other (if given permission).
The basics of a trust relationship is to first configure domain DOP2 to allow domain DOP1 to trust it, and then configure domain DOP1 to trust domain DOP2:

(1)Log onto domain DOP2 as Administrator
(2)Start Active Directory Domains & Trusts for Domains (Start - Programs - Administrative Tools)
(3)Select "the properties" of the DOP2 domain then "Trust Tab"
(4)Click the Add button to " the domains that trust this domain" box
(5)Enter the name of the domain you want to be able to trust you, i.e. domain DOP1
(6)You can type a password in the Initial Password and Confirm Password, however this is only used when the trust relationship is started. You can leave it blank Click OK to complete the addition
(7)Close the Trust Relationship dialog box
(8)Log off of domain DOP2 and login onto domain DOP1 as Administrator
(9)start Active Directory Domains & Trusts for Domains (Start - Programs - Administrative Tools)
(10)Select "the properties" of the DOP1 domain then "Trust" tab
(11)Click the Add button to " the domains trusted by this domain" box
(12)Enter the name of domain DOP2 and the password if one was configured in step 6
(13)Click OK and close.
(14)Domain DOP1 trusts domain DOP2

No comments:

Post a Comment