Information Technology Reference
In-Depth Information
1. Log on to
ServerXX
as Administrator, and open Active Directory Domains and Trusts.
2. Right-click
w2k8adXX.com
and click
Properties
.
3. Click the
Trusts
tab, and click the
New Trust
button to start the New Trust Wizard. Click
Next
in the wizard's welcome window.
4. Type
w2k8ad1XX.com
in the Name text box, and then click
Next
.
5. Click the
Forest trust
option button for the trust type. You can also create an external trust
in this window, but an external trust isn't transitive. Windows 2000 Server forests and NT
domains don't support forest trusts, so you must select an external trust if you're using these
OSs. Click
Next
.
6. In the Direction of Trust window, verify that the default
Two-way
is selected, and then click
Next
.
7. In the Sides of Trust window, click
Both this domain and the specified domain
. If you're cre-
ating only one side of the trust, you're asked to enter a trust password, which must be used
to create the second side of the trust. Click
Next
.
8. Type
w2k8ad1XX.com\administrator
in the User name text box and
Password02
in the
Password text box, and then click
Next
. (If you enter incorrect credentials, you must restart
the trust creation from the beginning.)
9. In the Outgoing Trust Authentication Level—Local Forest window, verify that
Forest-wide
is selected for the authentication level, and then click
Next
.
10. In the Outgoing Trust Authentication Level—Specified Forest window, verify that
Forest-
wide
is selected, and then click
Next
.
11. Review your settings in the Trust Selections Complete window, and then click
Next
.
12. In the Trust Creation Complete window, the status of the trust creation and a summary of
your choices are displayed. Click
Next
.
13. In the Confirm Outgoing Trust window, click
Yes, confirm the outgoing trust
, and then click
Next
.
14. In the Confirm Incoming Trust window, click
Yes, confirm the incoming trust
, and then click
Next
.
15. Click
Finish
. The Trusts tab should list w2k8ad1XX.com in both the outgoing trusts and
incoming trusts lists. Click
OK
.
16. Close all open windows, and stay logged on for the next activity.
10
Activity 10-9: Confirming Cross-Forest Access
Time Required:
10 minutes
Objective:
Access resources from one forest to another.
Description:
Try to access resources in the w2k8adXX.com domain from the w2k8ad1XX.com
domain.
1. Log on to
Server1XX
as Administrator, if necessary.
2. Click
Start
,
Run
. Type
\\ServerXX.w2k8adXX.com
and click
OK
. A Windows Explorer
window should open that lists all shares on ServerXX.
3. Double-click
Shared
. It should open. When you try to create a file, you should be success-
ful. The Shared share has Full Control permission assigned to the Everyone group, which
includes authenticated users from other forests.
4. In Windows Explorer, click the
back arrow
to see the list of shared folders on ServerXX.
Double-click
TestShare1
. (Don't click TestShare because the Everyone group has permission
to it.) You should get a “Windows cannot access” message. Click
Diagnose
. Windows
should report that TestShare1 is available, but you were denied access. Click
Cancel
.
5. Log on to
ServerXX
as Administrator, if necessary.
Search WWH ::
Custom Search