Creating The Forest Trust

By Author: iris
Total Articles: 286
Comment this article

A forest trust is a trust between two forest root domains, created to allow all CompTIA Security+ authentication requests made from one forest to reach another. The procedure for creating a forest trust is similar to the one used for creating an external trust. However, before you can create a forest trust, you must complete the following preliminary tasks.
Configure a DNS root server that is authoritative over both forest DNS servers that you want to form a trust with, or configure a DNS forwarder on both of the DNS servers that are authoritative for the trusting forests.
Ensure that the forest functional level for both forests is Windows Server 2003.
To configure a DNS forwarder, complete the following steps:
1.Click Start, point to Administrative Tools, and then click DNS.
2.In the console tree, right click the DNS server you want to configure, and then click Properties.
3.In the Properties dialog box for the DNS server, click the Forwarders tab.
In the Forwarders tab, specify the DNS domain names that require queries to be forwarded ...
... (conditional forwarding) in the Domain box by clicking New
and typing the domain name. Type the IP address(es) of the server(s) to which the queries are forwarded in the Selected 70-680 test questions Domain's IP Address List, and then click Add.
4. Click OK in the Forwarders tab.
You can raise the functional level of a forest to Windows Server 2003 only if all domain controllers in the forest are running Windows Server 2003 and all domain functional levels in the forest have been raised to Windows Server 2003. To change the forest functional level to Windows Server 2003, refer to Chapter 3, "Administering Active Directory."
Every Active Directory forest must have the schema master and domain naming master roles. Every domain in the forest must have the RID master, the PDC emu?lator, and the infrastructure master roles. The infrastructure master role should not be assigned to the domain controller that is hosting the global catalog.
To handle FSMO role failure, you can transfer or seize an operations master role.
Tree-root and parent-child trusts are established automatically when you add a new tree root domain to a forest or a new child domain to a tree. There are four other trusts which must be planned and established explicitly: shortcut trusts, realm trusts, external trusts, and forest trusts. You use the New Trust Wizard to create explicit trusts, which is accessed from the Active Directory Domains and Trusts free exam papers administrative tool.