Set up one-way trust relationships

Two domains in the same forest, two root domains in the same tree, and any contiguous domains in a single tree have transitive trust relationships, with the latter two being implicit. Some situations, however, call for a one-way trust relationship. For example, if you are running Microsoft ISA Server in a different forest from a domain, you would want a trust relationship from that firewall to the other domains, but not the other way around.

First, make sure that each domain in the relationship is part of your DNS infrastructure. To create a one-way trust in Windows 2000 Server, open the Active Directory Domains and Trusts console on a domain controller in the trusted domain. Click the Add button in the "Domains that trust this domain" pane, and enter the name of the trusting domain and a password into the dialog box. You will be asked to verify this relationship and to enter the name and password of an admin with domain-modification privileges. Close the console.

Now open the Active Directory Domains and Trusts console on a domain controller in the trusting domain. Right-click the trusting domain and select the Properties command. Click the Add button in the "Domains trusted by this domain" box, then enter the name of the trusted domain and the password into the dialog box.

For Windows NT 4.0 domains, you would use the User Manager for Domains to create a one-way trust relationship. Select the Trust Relationships command on the Policy menu, and then click the Add button in the Trusted Domains pane. You'll be prompted to enter the trusted domain and a password.
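
A check to run once the trust is in place, as an added example that is not part of the original tip: it parses a trust listing in the style of `nltest /domain_trusts` output taken on a domain controller in the trusting domain and reports any trust that is not one-way in the intended direction. The domain names and sample listing are constructed, and the exact output layout is an assumption.

```python
import re

# Constructed listing in the style of `nltest /domain_trusts`, as if taken on a
# domain controller in the trusting (firewall) domain. All names are hypothetical.
SAMPLE = """\
List of domain trusts:
    0: FWDMZ fwdmz.example (NT 5) (Forest Tree Root) (Primary Domain) (Native)
    1: CORP corp.example (NT 5) (Direct Outbound)
    2: SALES sales.example (NT 5) (Direct Outbound) (Direct Inbound)
    3: LEGACY (NT 4) (Direct Inbound)
The command completed successfully
"""

ENTRY = re.compile(r"^\s*\d+:\s+(\S+)\s+(.*)$")

def parse_trusts(text):
    """Map each listed domain (except our own) to its trust direction."""
    trusts = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m or "(Primary Domain)" in m.group(2):
            continue
        outbound = "(Direct Outbound)" in m.group(2)  # we trust that domain
        inbound = "(Direct Inbound)" in m.group(2)    # that domain trusts us
        if outbound and inbound:
            direction = "two-way"
        elif outbound:
            direction = "outbound"
        elif inbound:
            direction = "inbound"
        else:
            direction = "indirect"
        trusts[m.group(1)] = direction
    return trusts

def audit(text, trusted_only):
    """Return (domain, wanted, found) for every trust that deviates from the plan.

    trusted_only: domains this domain should trust without being trusted back.
    """
    found = parse_trusts(text)
    findings = []
    for name in sorted(set(found) | set(trusted_only)):
        want = "outbound" if name in trusted_only else "none"
        got = found.get(name, "none")
        if got != want:
            findings.append((name, want, got))
    return findings

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE, {"CORP", "SALES"}):
        print(f"{name}: expected {want}, found {got}")
```

An empty result means every listed trust matches the plan; a "two-way" finding means the trusted domain also trusts the firewall domain, which is the direction the tip says to avoid.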

Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

This was first published in May 2003
