Two domains in the same forest, two root domains in the same tree, and any contiguous domains in a single tree have transitive trust relationships, with the latter two being implicit. Some situations, however, call for a one-way trust relationship. For example, if you run Microsoft ISA Server in a different forest from a domain, you would want a trust relationship from that firewall to other domains, but not the other way around.
First, make sure that each domain in the relationship is part of your DNS infrastructure. To create a one-way trust in Windows 2000 Server, open the Active Directory Domains and Trusts console on a domain controller in the trusted domain. Click the Add button in the "Domains that trust this domain" pane, and enter the name of the trusting domain and a password in the dialog box. You will be asked to verify this relationship and to enter the name and password of an administrator with domain-modification privileges. Close the console.
Now open the Active Directory Domains and Trusts console on a domain controller in the trusting domain. Right-click the trusting domain and select the Properties command. Click the Add button in the "Domains trusted by this domain" box, then enter the name of the trusted domain and password in the dialog box.
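To confirm that the trust created above really is one-way and points in the intended direction, the following added example (not part of the original tip) audits the trusts visible from the trusting domain. It assumes a current Windows Server with the ActiveDirectory PowerShell module, which Windows 2000 does not have; the domain name `corp.example.com` and the helper name `Test-TrustDirection` are hypothetical.

```powershell
# Added example (not from the original tip). Assumes the ActiveDirectory
# PowerShell module; all domain names are constructed placeholders.
Import-Module ActiveDirectory

# Expected trusts as seen from the domain this script runs in.
#   Outbound = this domain trusts the partner (this is the trusting domain)
#   Inbound  = the partner trusts this domain (this is the trusted domain)
$expected = @{ 'corp.example.com' = 'Outbound' }

function Test-TrustDirection {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Trusts,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    # Check every partner that is supposed to have a one-way trust.
    foreach ($partner in $Expected.Keys) {
        $trust  = $Trusts | Where-Object { $_.Name -eq $partner }
        $actual = if ($trust) { $trust.Direction.ToString() } else { 'None' }
        [PSCustomObject]@{
            Partner  = $partner
            Expected = $Expected[$partner]
            Actual   = $actual
            Result   = if ($actual -eq $Expected[$partner]) { 'OK' } else { 'MISMATCH' }
        }
    }
    # Report any trust that nobody listed as expected.
    foreach ($trust in $Trusts) {
        if (-not $Expected.ContainsKey($trust.Name)) {
            [PSCustomObject]@{
                Partner  = $trust.Name
                Expected = 'None'
                Actual   = $trust.Direction.ToString()
                Result   = 'UNEXPECTED'
            }
        }
    }
}

# Skip the implicit trusts inside the forest; audit only explicit ones.
$trusts = @(Get-ADTrust -Filter * | Where-Object { -not $_.IntraForest })
$report = @(Test-TrustDirection -Trusts $trusts -Expected $expected)
$report | Format-Table -AutoSize

# Non-zero exit code lets a scheduled job alert on drift.
if ($report | Where-Object { $_.Result -ne 'OK' }) { exit 1 }
```

A trust that has become two-way shows up with an actual direction of `BiDirectional` and is reported as `MISMATCH`.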
For Windows NT 4.0 Domains, you would use the User Manager for Domains to create a one-way trust relationship. Select the Trust Relationships command on the
Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in May 2003