How to create a trust relationship between Win2003 and Win2008


We created a domain trust relationship in the previous article. That trust was between two Win2003 domains, and both domains used the same DNS server. Today we change the lab scenario to the topology shown below: one domain is a Win2003 domain and the other is a Win2008 domain. Each domain uses its own domain controller for DNS resolution, and the functional level of the Win2008 domain is Win2003. We will show you how to create a trust relationship between the two domains.
The key to this experiment is DNS! The difference in operating system is not important. Win2008 domains and Win2003 domains can both create trust relationships with Win2000 domains as well. What we should pay attention to is the DNS settings. Each domain controller must ensure that the DNS server it uses can resolve not only the SRV records of its own domain, but also the SRV records of the domain it has a trust relationship with. The SRV records of both the trusting domain and the trusted domain must be resolvable.

How can we make each DNS server resolve the SRV records of both domains? There are several technologies to choose from, such as secondary zones, stub zones, private roots or forwarders. In this experiment we use secondary zones: on each DNS server we create a secondary zone for the other domain, so that the DNS server can resolve both domains.

We start with the secondary zone for Server1's domain. First, on the zone that Server1 is responsible for, we need to allow Server2 to create a secondary zone. Open the DNS Manager on Server1, as shown below, right-click the zone and select “Properties”. In the zone properties, switch to the “Zone Transfers” tab, as shown below, check “Allow zone transfers”, select “Only to the following servers” and click the “Edit” button. After clicking the Edit button, as shown below, we add the address of Server2 and click OK. As shown in the figure below, the zone now allows Server2 to copy its data. In effect, Server2 is allowed to become a secondary DNS server for the zone.

Now that the zone allows Server2 to become a secondary server, we create the secondary zone on Server2. Open the DNS Manager on Server2, as shown below, and select “New Zone”. The zone name is set to the name of Server1's domain. Next, you need to set the master server of the zone. Obviously, the master server of this zone is Server1. Click the “Finish” button to complete the creation of the zone, as shown below.
We can see in the DNS Manager of Server2 that the zone records have been copied to Server2, and Server2 has successfully become a secondary server of Server1. Next, we do the same in the other direction. On Server2, Server1 is allowed to become a secondary server for Server2's zone. Then the secondary zone is created on Server1, and the zone data is copied to Server1. As shown in the figure below, the zone data has been successfully copied to Server1.

Once DNS is fully prepared, we can set up the domain trust relationship. We are going to set up a two-way trust relationship between the two domains. As shown in the following figure, we open “Active Directory Domains and Trusts” on Server1, right-click the domain and select “Properties”. Switch to the “Trusts” tab in the domain properties and click “New Trust”. The New Trust Wizard appears; click “Next” to continue.

The wizard asks which domain Server1's domain is going to establish a trust relationship with, and we enter the name of the other domain. Next we have to choose whether to establish a non-transitive external trust between the two domains or a transitive forest trust; we choose the external trust. As shown below, we choose to establish a two-way trust relationship. Next, the wizard asks whether to set up the trust separately on the domain controllers of the two domains, or on both at the same time. We select “Both this domain and the specified domain” so that the trust relationship is set up on both domain controllers. The wizard then asks for the domain administrator password of the other domain, so that the trust relationship can be set up on that domain's controller. We choose “Domain-wide authentication”, which allows users of the trusted domain to use all resources of the trusting domain. As shown in the figure below, the trust relationship is ready to be created. Click Next to continue. As shown in the following figure, the trust relationship between the two domains has been successfully created.
Confirm the outgoing trust on the domain. Next, confirm the incoming trust on the domain. As shown in the figure below, all the work has been completed; click “Finish” to end the creation of the domain trust relationship. As you can see from the figure below, a non-transitive two-way domain trust relationship has indeed been created between the two domains, and our experimental goal has been achieved.

This experiment is more widely applicable, and can also be used to create trust relationships between Win2000 and Win2003, or between Win2000 and Win2008. Readers can try it out and work through it at their own pace.

The zone type is set to the secondary zone.
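
The same procedure from the command line, as an added example that is not part of the original article: it restricts zone transfers to the peer DNS server, creates the secondary zone, checks that the domain controller SRV records of both domains resolve, and only then creates the two-way trust. The domain names, the peer DNS address and the administrator account are placeholders (the article's own values are not available), and `dnscmd` and `netdom` are assumed to be installed (on Win2003 they come with the Support Tools).

```batch
@echo off
setlocal
rem Added example. Run on each DC with that DC's values; all values below are
rem placeholders (assumptions), not names taken from the article.
set "LOCAL_ZONE=domain-a.example"
set "PEER_ZONE=domain-b.example"
set "PEER_DNS_IP=192.0.2.20"
set "ADMIN=Administrator"

if /i "%~1"=="allow" goto allow
if /i "%~1"=="pull"  goto pull
if /i "%~1"=="check" goto check
if /i "%~1"=="trust" goto trust
echo usage: %~nx0 allow ^| pull ^| check ^| trust
exit /b 2

:allow
rem Step 1, both DCs: allow zone transfers of the local zone to the peer only.
dnscmd . /ZoneResetSecondaries %LOCAL_ZONE% /SecureList %PEER_DNS_IP%
exit /b %errorlevel%

:pull
rem Step 2, both DCs: create the secondary zone, master = the peer DNS server.
dnscmd . /ZoneAdd %PEER_ZONE% /Secondary %PEER_DNS_IP%
exit /b %errorlevel%

:check
rem Step 3, both DCs: the DNS server this DC uses must return the DC locator
rem SRV records of both domains. nslookup's exit code is not reliable, so
rem look for an SRV answer in its output instead.
for %%D in (%LOCAL_ZONE% %PEER_ZONE%) do (
  nslookup -type=SRV _ldap._tcp.dc._msdcs.%%D. 2>nul | find /i "svr hostname" >nul || (
    echo FAIL: no domain controller SRV records for %%D
    exit /b 1
  )
)
echo OK: SRV records of both domains resolve
exit /b 0

:trust
rem Step 4, Server1 only: two-way trust created on both sides at once.
rem /pd:* and /po:* prompt for the passwords instead of exposing them.
netdom trust %LOCAL_ZONE% /d:%PEER_ZONE% /add /twoway ^
  /ud:%PEER_ZONE%\%ADMIN% /pd:* /uo:%LOCAL_ZONE%\%ADMIN% /po:*
if errorlevel 1 exit /b 1
rem Show whether SID filtering (quarantine) is on for the trust in which the
rem local domain is the trusting side.
netdom trust %LOCAL_ZONE% /d:%PEER_ZONE% /quarantine
```

Run `allow` on both domain controllers, then `pull` and `check` on both, and `trust` once on Server1; if `check` fails right after `pull`, the zone transfer may not have completed yet.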
