Windows 2008 R2 to Windows 2003 trust relationship
- December 15th, 2011
More old notes:
These are the steps I used to create a one way trust between a Windows 2008 R2 server domain and a Windows 2003 server domain. The object was to give the Windows 2008 domain environment (DomainA.com) access to the Windows 2003 domain environment (DomainB.com), but DomainB.com would have no access to the DomainA.com domain. This process can be very confusing and difficult to keep straight in your head, but I am certain that these steps worked in the environments I described above.
Windows 2008 –> Windows 2003.
From DomainA.com (Windows 2008):
Bring up “Active Directory Domains and Trusts”
Right mouse click on DomainB.com and go to Properties.
Click on the Trusts tab.
Click “New Trust”
Next
Trust Name: DomainB.com
Forest trust
One-way: incoming
This domain only
Trust Password
Next
Next
No, do not confirm the incoming trust.
From DomainB.com (Windows 2003):
Bring up “Active Directory Domains and Trusts”
Right mouse click on DomainB.com and go to Properties.
Click on the Trusts tab.
New Trust
Next
Trust Type: Forest trust
One-way: outgoing
Sides of Trust: This domain only
Forest-wide authentication
Trust Password
Next
Next
Confirm Outgoing Trust: Yes, confirm the outgoing trust.
Then, to grant authentication permission:
From the Active Directory Users and Computers on the DomainB.com server:
Click View and Advanced Features.
Right click on Domain Controllers and go to Properties.
Then click on the Security tab.
Click Add…
Click Locations…
Select the DomainA.com from the list and click Ok.
Then enter under “Enter the object names to select” the user/group that you want to grant access to DomainB.com from a DomainA.com account. In my case, I just chose Domain Users.
From here I am prompted for DomainA.com credentials, which I enter. This can be an issue that I need to figure out, because what if I have no credentials in DomainA.com? It does seem that I shouldn’t need any in this configuration. In my case, this allowed a DomainA.com login the capability to log in to a DomainB.com computer and access resources on DomainA.com and DomainB.com as permitted. However, because it is a one way trust, DomainB.com cannot access resources on DomainA.com.
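One way to check the result of the steps above from the DomainB.com side, as an added example that is not part of the original post: it lists the forest trusts, confirms the direction toward DomainA.com, and reports the selective authentication and SID filtering state of each trust this forest extends. The variable names are hypothetical, and the partner name and expected direction are assumptions taken from the post.

```powershell
# Added example, not from the original post. Run in the trusting forest
# (DomainB.com in the steps above) with rights to read trust objects.
Add-Type -AssemblyName System.DirectoryServices

# Assumed values taken from the post: the partner forest and the direction
# this side should show. Change both when running from DomainA.com.
$partner  = 'DomainA.com'
$expected = [System.DirectoryServices.ActiveDirectory.TrustDirection]::Outbound

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

$report = foreach ($trust in $forest.GetAllTrustRelationships()) {
    $row = New-Object PSObject -Property @{
        Source        = $trust.SourceName
        Target        = $trust.TargetName
        Direction     = $trust.TrustDirection
        SelectiveAuth = $null
        SidFiltering  = $null
        Finding       = 'ok'
    }

    # Selective authentication and SID filtering protect the trusting side,
    # so only query them when this forest trusts the partner (outbound bit).
    if ([int]$trust.TrustDirection -band 2) {
        try {
            $row.SelectiveAuth = $forest.GetSelectiveAuthenticationStatus($trust.TargetName)
            $row.SidFiltering  = $forest.GetSidFilteringStatus($trust.TargetName)
        } catch {
            $row.Finding = "status query failed: $($_.Exception.Message)"
        }
    }

    # A wrong direction toward the partner takes priority over other findings.
    if ($trust.TargetName -ieq $partner -and $trust.TrustDirection -ne $expected) {
        $row.Finding = "direction is $($trust.TrustDirection), expected $expected"
    } elseif ($row.SidFiltering -eq $false) {
        $row.Finding = 'SID filtering disabled on a trust this forest extends'
    }
    $row
}

$report | Format-Table Source, Target, Direction, SelectiveAuth, SidFiltering, Finding -AutoSize
```

With the "Forest-wide authentication" choice made in the steps above, SelectiveAuth is expected to read False for the DomainA.com row.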