{"id":545,"date":"2011-12-15T13:07:22","date_gmt":"2011-12-15T20:07:22","guid":{"rendered":"http:\/\/jim-zimmerman.com\/?p=545"},"modified":"2011-12-15T13:07:22","modified_gmt":"2011-12-15T20:07:22","slug":"windows-2008-r2-to-windows-2003-trust-relationship","status":"publish","type":"post","link":"https:\/\/jim-zimmerman.com\/?p=545","title":{"rendered":"Windows 2008 R2 to Windows 2003 trust relationship"},"content":{"rendered":"<p>More old notes:<\/p>\n<p>These are the steps I used to create a one way trust between a Windows 2008 R2 server domain and a Windows 2003 server domain.  The object was to give the Windows 2008 domain environment (DomainA.com) access to the Windows 2003 domain environment (DomainB.com), but DomainB.com would have no access to the DomainA.com domain.  This process can be very confusing and difficult to keep straight in your head, but I am certain that these steps worked in the environments I described above.<\/p>\n<p>Windows 2008 &#8211;> Windows 2003.<br \/>\nFrom DomainA.com (Windows 2008):<br \/>\nBring up &#8220;Active Directory Domains and Trusts&#8221;<br \/>\nRight mouse click on DomainB.com and go to Properties.<br \/>\nClick on the Trusts tab.<br \/>\nClick &#8220;New Trust&#8221;<br \/>\nNext<br \/>\nTrust Name: DomainB.com<br \/>\nForest trust<br \/>\nOne-way: incoming<br \/>\nThis domain only<br \/>\nTrust Password<br \/>\nNext<br \/>\nNext<br \/>\nNo,do not confirm the incoming trust.<\/p>\n<p>From DomainB.com (Windows 2003):<br \/>\nBring up &#8220;Active Directory Domains and Trusts&#8221;<br \/>\nRight mouse click on DomainB.com and go to Properties.<br \/>\nClick on the Trusts tab.<br \/>\nNew Trust<br \/>\nNext<br \/>\nTrust Type: Forest trust<br \/>\nOne-way: outgoing<br \/>\nSides of Trust:  This domain only<br \/>\nForest-wide authentication<br \/>\nTrust Password<br \/>\nNext<br \/>\nNExt<br \/>\nConfirm Outgoing Trust: Yes, confirm the outgoing trust.<\/p>\n<p>Then, to grant authentication permission:<br \/>\nFrom the Active Directory Users and Computers on the DomainB.com server:<br \/>\nClick View and Advanced Features.<br \/>\nRight click on Domain Controllers and go to Properties.<br \/>\nThen click on the Security tab.<br \/>\nClick Add\u00e2\u20ac\u00a6<br \/>\nClick Locations\u00e2\u20ac\u00a6<br \/>\nSelect the DomainA.com from the list and click Ok.<br \/>\nThen enter under &#8220;Enter the object names to select&#8221; the user\/group that you want to grant access to DomainB.com from a DomainA.com account.  In my case, I just chose Domain Users.<br \/>\nFrom here I am prompted for DomainA.com credentials which I enter.  This can be an issue that I need figure out, because what if I have no credentials in DomainA.com?  It does seems that I shouldn&#8217;t need any in this configuration.  In my case, this allowed a DomainA.com login the capability to login to DomainB.com computer and access resources on DomainA.com and DomainB.com as permitted.  However, because it is a one way trust, DomainB.com cannot access resources on DomainA.com.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>More old notes: These are the steps I used to create a one way trust between a Windows 2008 R2 server domain and a Windows 2003 server domain. The object was to give the Windows 2008 domain environment (DomainA.com) access to the Windows 2003 domain environment (DomainB.com), but DomainB.com would have no access to the [&#038;hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[222,63,128],"class_list":["post-545","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-trust","tag-windows-2003","tag-windows-2008"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=545"}],"version-history":[{"count":4,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/545\/revisions"}],"predecessor-version":[{"id":631,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/545\/revisions\/631"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}