{"id":1631,"date":"2015-12-08T12:27:14","date_gmt":"2015-12-08T17:27:14","guid":{"rendered":"http:\/\/wildow.com\/?p=1631"},"modified":"2015-12-08T14:18:16","modified_gmt":"2015-12-08T19:18:16","slug":"1631","status":"publish","type":"post","link":"https:\/\/wildow.com\/?p=1631","title":{"rendered":""},"content":{"rendered":"<h2><a href=\"http:\/\/bradmarsh.net\/index.php\/2008\/08\/04\/active-directory-creating-one-way-domain-trusts\/\" target=\"_blank\">Active Directory \u2013 Creating One Way Domain Trusts<\/a><\/h2>\n<div class=\"entry\" data-find=\"_1\">\n<p>Thought I might do a quick blog about creating a one way trust, as I found there to be little text on the following scenario, where the primary domain has access to the other domain, but the secondary domain has only access to itself.<\/p>\n<p>Ok so if you have the same requirement, first thing is don\u2019t bother creating a child domain within the same forest as the current domain: you can\u2019t seem to create a one way trust there; by default Microsoft will create a 2 way trust. So that means you must create a domain in a separate forest. Whilst there is a bit more involved in setting up the forest, in terms of allowing domain admins rights to manage the other domain etc, it will be well worth it in the long run from a security perspective.<\/p>\n<p>Anyways, do your DC promo and create a new forest, and follow the prompts; there are stacks of text on this so I am not going to ramble on about this one.<\/p>\n<p>Once the new domain is created, open \u2018Active Directory Domains and Trusts\u2019 on the primary domain, find the domain, right click, properties. 
go to the \u2018trusts\u2019 tab.<\/p>\n<p>(Before you do this setup you will most likely have DNS issues; I would spend a bit of time sorting that out first, otherwise the next steps will not work.)<\/p>\n<p>Now you should have nothing there at present.<\/p>\n<p>Here you will have to enter the other forest\u2019s domain, choose trust with a Windows domain, then next.<\/p>\n<p>Make sure you choose a one way: incoming<\/p>\n<p><span class=\"frame-outer  \"><a href=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image-thumb.png\" alt=\"image\" width=\"406\" height=\"317\" border=\"0\" \/><\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"text-decoration: underline;\">THIS is really<\/span> important: if you don\u2019t choose \u2018This domain only\u2019 it will NOT create a one way trust in the way that we want.<\/p>\n<p><span class=\"frame-outer  \"><a href=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image-thumb1.png\" alt=\"image\" width=\"415\" height=\"325\" border=\"0\" \/><\/a><\/span><\/p>\n<p>Enter a password for the trust.<\/p>\n<p><span class=\"frame-outer  \"><a href=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image2.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image-thumb2.png\" alt=\"image\" width=\"415\" height=\"324\" border=\"0\" \/><\/a><\/span><\/p>\n<p>Here say no, because at this point you only have the one trust, so you have nothing to confirm the trust with.<\/p>\n<p><span class=\"frame-outer  \"><a href=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image3.png\"><img 
loading=\"lazy\" decoding=\"async\" src=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image-thumb3.png\" alt=\"image\" width=\"415\" height=\"324\" border=\"0\" \/><\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n<p>Now go back and do the same with the other domain; the only difference is that you\u2019re looking for the primary domain as a trust and you will need to specify an outgoing trust:<\/p>\n<p>\u201cOutgoing: Users in the specified domain can authenticate in the local domain, but users in the local domain cannot authenticate in the specified domain.\u201d<\/p>\n<p>&nbsp;<\/p>\n<p>Once you have done this, go to the properties and you will see a validate button. Click on this and enter your administrator credentials for each domain; on completion it should give you the below message:<\/p>\n<p><span class=\"frame-outer  small \"><a href=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image4.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/bradmarsh.net\/wordpress\/wp-content\/uploads\/2008\/08\/image-thumb4.png\" alt=\"image\" width=\"244\" height=\"105\" border=\"0\" \/><\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n<p>That\u2019s it, you have a one way trust!<\/p>\n<p>For more reading on this have a look at: <a title=\"http:\/\/www.microsoft.com\/technet\/prodtechnol\/windows2000serv\/reskit\/deploy\/dgbe_sec_ztsn.mspx?mfr=true\" href=\"http:\/\/www.microsoft.com\/technet\/prodtechnol\/windows2000serv\/reskit\/deploy\/dgbe_sec_ztsn.mspx?mfr=true\">http:\/\/www.microsoft.com\/technet\/prodtechnol\/windows2000serv\/reskit\/deploy\/dgbe_sec_ztsn.mspx?mfr=true<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Active Directory \u2013 Creating One Way Domain Trusts Thought I might do a quick blog about creating a one way trust, as I found there to be little text on this following scenario, where the primary domain has access to &#8230; <a class=\"more-link\" href=\"https:\/\/wildow.com\/?p=1631\">Read More 
&raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1631","post","type-post","status-publish","format-standard","hentry","category-windows"],"_links":{"self":[{"href":"https:\/\/wildow.com\/index.php?rest_route=\/wp\/v2\/posts\/1631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wildow.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wildow.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wildow.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wildow.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1631"}],"version-history":[{"count":1,"href":"https:\/\/wildow.com\/index.php?rest_route=\/wp\/v2\/posts\/1631\/revisions"}],"predecessor-version":[{"id":1632,"href":"https:\/\/wildow.com\/index.php?rest_route=\/wp\/v2\/posts\/1631\/revisions\/1632"}],"wp:attachment":[{"href":"https:\/\/wildow.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wildow.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wildow.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}