3. In the Sides of Trust window, choose whether you're creating the trust for the local domain
only or for both domains, and then click Next.
4. In the Outgoing Trust Authentication Level—Local Forest window, the choices are forest-wide
authentication or selective authentication (see Figure 10-13). Forest-wide authentication means
Windows should authenticate all users in the specified forest for all resources in the local forest.
With selective authentication, you can choose which local forest resources users in the
specified forest can be authenticated to. Authenticating a user for a resource doesn't grant the
user access; permissions must also be set. Microsoft recommends forest-wide authentication
when both forests belong to the same company and selective authentication when the forests
belong to different organizations. Select your authentication level, and then click Next.
Figure 10-13: Selecting an authentication level
5. In the Routed Name Suffixes—Specified forest window, if multiple trees exist in one of the
forests, you're asked whether you want to prevent authentication requests from any of the
name suffixes. A name suffix generally represents a second-level domain name.
6. Last, you're asked to confirm the trust.
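To check which authentication level existing trusts use against the recommendation in step 4, the PowerShell function below classifies each trust and marks the ones to review. This is an added example, not part of the original text; it assumes the property names returned by `Get-ADTrust` (ActiveDirectory module, Windows Server 2012 and later), and the function name `Get-TrustAuthScope` and the sample trust objects are constructed for illustration.

```powershell
# Added example: report the authentication level of each trust leaving the forest.
# Input objects need the properties Get-ADTrust returns:
# Target, Direction, IntraForest, ForestTransitive, SelectiveAuthentication.
function Get-TrustAuthScope {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Trust
    )
    process {
        # Trusts inside one forest (parent/child, tree-root) have no authentication-level choice.
        if ($Trust.IntraForest) { return }

        if ($Trust.SelectiveAuthentication) {
            $scope = 'Selective'
        } elseif ($Trust.ForestTransitive) {
            $scope = 'Forest-wide'
        } else {
            $scope = 'Domain-wide'   # external (non-forest) trust without selective authentication
        }

        # The authentication level is set on the outgoing side of a trust, so an
        # inbound-only trust is not something this forest can restrict.
        $outgoing = $Trust.Direction -ne 'Inbound'

        [pscustomobject]@{
            Target    = $Trust.Target
            Direction = $Trust.Direction
            Scope     = $scope
            # Review: confirm the other forest belongs to the same organization.
            Review    = $outgoing -and -not $Trust.SelectiveAuthentication
        }
    }
}

# Constructed sample objects (hypothetical trusts) so the function runs without a domain.
$sample = @(
    [pscustomobject]@{ Target = 'w2k8ad1XX.com';   Direction = 'BiDirectional'; IntraForest = $false; ForestTransitive = $true;  SelectiveAuthentication = $false }
    [pscustomobject]@{ Target = 'partner.example'; Direction = 'Outbound';      IntraForest = $false; ForestTransitive = $true;  SelectiveAuthentication = $true  }
    [pscustomobject]@{ Target = 'child.w2k8adXX.com'; Direction = 'BiDirectional'; IntraForest = $true; ForestTransitive = $false; SelectiveAuthentication = $false }
)
$sample | Get-TrustAuthScope | Format-Table -AutoSize

# On a domain-joined server with the ActiveDirectory module:
# Get-ADTrust -Filter * | Get-TrustAuthScope | Format-Table -AutoSize
```

With the sample data, the forest-wide trust to w2k8ad1XX.com is marked for review, the selective trust is not, and the intra-forest trust is skipped.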
Activity 10-6: Creating Stub Zones and Conditional Forwarders
Time Required: 15 minutes
Objective: Create a stub zone and a conditional forwarder.
Description: You want to create a forest trust between w2k8adXX.com and w2k8ad1XX.com,
but first you must configure DNS. You decide to create a stub zone on the w2k8adXX.com DNS
server and a conditional forwarder on the w2k8ad1XX.com DNS server.
1. Log on to ServerXX as Administrator, if necessary, and open DNS Manager.
2. Right-click Forward Lookup Zones and click New Zone. In the New Zone Wizard's welcome
window, click Next.
3. In the Zone Type window, click the Stub zone option button, verify that the Store the zone
in Active Directory check box is selected, and then click Next.
4. In the Active Directory Zone Replication Scope window, make sure To all DNS servers in
this domain is selected, and then click Next. (If you had multiple domains, you might want
to choose To all DNS servers in this forest.)
5. In the Zone name text box, type w2k8ad1XX.com, and then click Next.