Microsoft KB Archive/816301

= How to create an external trust in Windows Server 2003 =

PSS ID Number: 816301

Article Last Modified on 5/19/2004

-

The information in this article applies to:


 * Microsoft Windows Server 2003, Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition
 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, 64-Bit Enterprise Edition

-





For a Microsoft Windows 2000 version of this article, see 309682.

IN THIS TASK

 * SUMMARY
 * Create an External Trust
 * REFERENCES



SUMMARY
This step-by-step article describes how to create an external trust in Windows Server 2003.

An external trust is a non-transitive trust that is used to provide access to resources that are located either on a Microsoft Windows NT 4.0 domain or an Active Directory domain that is located in a separate forest that is not joined by a forest trust. A non-transitive trust is a trust relationship that is restricted to two domains, and can be either a one-way or a two-way trust.

back to the top

Create an External Trust

 * 1) Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
 * 2) In the console tree, right-click the domain that you want to establish a trust with, and then click Properties.
 * 3) Click the Trusts tab, and then click New Trust to start the New Trust Wizard.
 * 4) Click Next.
 * 5) On the Trust Name page, type the DNS name or NetBIOS name of the domain, and then click Next.
 * 6) On the Trust type page, click External trust, and then click Next.
 * 7) On the Direction of Trust page, use one of the following methods:
 * 8) * To create a two-way, external trust, click Two-way. Users in this domain and users in the specified domain can access resources in either domain.
 * 9) * To create a one-way, incoming external trust, click One-way:incoming.

For example, in a situation where DomainA has a one-way, incoming external trust with DomainB then users in this domain (DomainA) can access resources in the specified domain (DomainB). Users in the specified domain (DomainB) cannot access any resources in this domain (DomainA). DomainA is trusted and DomainB is trusting.
 * 1) * To create a one-way, outgoing external trust, click One-way:outgoing.

For example, in a situation where DomainA has a one-way, outgoing external trust with DomainB then users in this domain (DomainA) cannot access any resources in the specified domain (DomainB). Users in the specified domain (DomainB) can access resources in this domain (DomainA). DomainA is trusting and DomainB is trusted.
 * 1) Follow the instructions on the remaining pages of the wizard to create the external trust.

Note
 * You must be a member of the Domain Administrators group or Enterprise Administrators group to perform this procedure. You can also perform this procedure if you are delegated the appropriate authority.
 * If you have the appropriate administrative credentials for each domain in the trust, you can create both sides of the external trust at the same time. To do so, click Both this domain and the specified domain on the Sides of Trust page of the New Trust Wizard.
 * If you want to permit users from the specified domain to obtain access to all the resources in this domain, click Allow authentication for all resources in the local domain on the Outgoing Trust Properties page of the New Trust Wizard. Use this option when both domains belong to the same organization.
 * If you want to restrict users in the specified domain from obtaining access to any of the resources in this domain, click Allow authentication only for selected resources in the local domain. Use this option when each domain belongs to a separate organization on the Outgoing Trust Properties page of the New Trust Wizard.

back to the top

