Step by Step Guide: How to create a Forest Trust

Create a forest trust to enable file server access between contoso.com and fabrikam.com. The file server is in fabrikam.com; the users are in contoso.com.

Here is a step-by-step guide on how to create a forest trust between contoso.com and fabrikam.com, and allow file server access for contoso.com users to a file server located in fabrikam.com.

  1. Log in to a domain controller in the contoso.com domain with domain admin credentials.
  2. Open the Active Directory Domains and Trusts console.
  3. Right-click the root of the console, and select “Properties”.
  4. Click the “Trusts” tab, and then click “New Trust”.
  5. The New Trust Wizard will appear. Click “Next” to begin.
  6. Enter “fabrikam.com” as the name of the domain that you want to create a trust with, and then click “Next”.
  7. Select “Forest trust”, and then click “Next”.
  8. Select “Two-way” as the direction of the trust, and then click “Next”.
  9. Select “This domain only” or “Selective authentication” as the scope of the trust, depending on your requirements. Click “Next”.
  10. Leave the default options selected on the next two screens, and click “Next” to confirm the outgoing trust settings.
  11. On the “Trust Password” screen, enter a strong password for the trust, and then click “Next”.
  12. On the “Complete the New Trust Wizard” screen, review the settings and click “Finish”.
  13. Open the Active Directory Users and Computers console, and create a new security group for the contoso.com users who will need access to the fabrikam.com file server. Add the required users to this group.
  14. Log in to a domain controller in the fabrikam.com domain with domain admin credentials.
  15. Open the Active Directory Users and Computers console.
  16. Create a new security group in the fabrikam.com domain, and add the contoso.com security group to it.
  17. On the file server in the fabrikam.com domain, open the Local Security Policy console.
  18. Navigate to “Local Policies” > “User Rights Assignment”.
  19. Edit the “Access this computer from the network” policy, and add the fabrikam.com\Contoso File Server Access security group to it.
  20. Open the Shared Folders console, and create a new shared folder for the contoso.com users.
  21. Add the fabrikam.com\Contoso File Server Access security group to the shared folder permissions, and assign the required permissions to the group.
  22. Log in to a computer in the contoso.com domain as a user who is a member of the new security group.
  23. Open Windows Explorer and navigate to the fabrikam.com file server by entering \\fabrikam.com\sharename in the address bar.
  24. When prompted for credentials, enter your fabrikam.com domain credentials.
  25. You should now be able to access the shared folder on the fabrikam.com file server.

Congratulations, you have now successfully created a forest trust between contoso.com and fabrikam.com, and allowed file server access for contoso.com users to a file server located in fabrikam.com.
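
An added PowerShell check for the result of the steps above (not part of the original guide): it reads back the trust, the resource group and the share permissions without changing anything. The file server name `FS01` and share name `ContosoShare` are hypothetical placeholders, and the script assumes the ActiveDirectory and SmbShare modules are available on a fabrikam.com machine.

```powershell
# Added example: read-only audit of the trust, group and share built in the guide.
# Assumptions: run in fabrikam.com with the ActiveDirectory and SmbShare modules.
# $FileServer and $Share are hypothetical names; replace them with your own.
Import-Module ActiveDirectory

$TrustedForest = 'contoso.com'
$ResourceGroup = 'Contoso File Server Access'   # fabrikam.com group from step 19
$FileServer    = 'FS01'                         # hypothetical
$Share         = 'ContosoShare'                 # hypothetical

# 1. Trust object created by the wizard (steps 6-12).
$trust = Get-ADTrust -Identity $TrustedForest
$trust | Format-List Name, Direction, ForestTransitive, SelectiveAuthentication,
    SIDFilteringQuarantined, SIDFilteringForestAware
if (-not $trust.ForestTransitive) { Write-Warning 'Not a forest trust.' }
if ($trust.Direction -eq 'BiDirectional') {
    Write-Warning 'Two-way trust. Contoso users reaching a fabrikam.com server only need fabrikam.com to trust contoso.com (Outbound as seen from here).'
}
if (-not $trust.SelectiveAuthentication) {
    Write-Warning 'Forest-wide authentication: every contoso.com user can authenticate to every fabrikam.com computer; access is limited only by ACLs and user rights.'
}

# 2. Resource group (step 16): it must be domain local to hold members from
#    another forest, which appear as foreign security principals.
$group = Get-ADGroup -Identity $ResourceGroup -Properties member
if ($group.GroupScope -ne 'DomainLocal') {
    Write-Warning "$ResourceGroup is $($group.GroupScope), expected DomainLocal."
}
foreach ($dn in $group.member) {
    if ($dn -notlike '*CN=ForeignSecurityPrincipals,*') { "Local member: $dn"; continue }
    $sid = (Get-ADObject -Identity $dn -Properties objectSid).objectSid
    try   { "Foreign member: $($sid.Translate([System.Security.Principal.NTAccount]).Value)" }
    catch { Write-Warning "Cannot resolve $sid across the trust." }
}

# 3. Share permissions (steps 20-21): flag broad principals on the share.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users'
Get-SmbShareAccess -Name $Share -CimSession $FileServer |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    ForEach-Object {
        if ($_.AccountName -in $broad) {
            Write-Warning "$($_.AccountName) has $($_.AccessRight) on $Share."
        } else { "$($_.AccountName): $($_.AccessRight)" }
    }
```

If the trust was created with selective authentication, the contoso.com group also needs the "Allowed to authenticate" permission on the file server's computer object in fabrikam.com before step 23 will succeed.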

Author: tonyhughes