
Set up one-way trust relationships

Why you would want to and how to do it.

Two domains in the same forest, two root domains in the same tree, and any contiguous domains in a single tree have transitive trust relationships, with the latter two being implicit. Certain situations, however, really require that you establish a one-way trust relationship. For example, if you are running Microsoft ISA Server in a different forest from a domain, you would want a trust relationship from that firewall to other domains, but not the other way around.

First, make sure that each domain in the relationship is part of your DNS infrastructure. To create a one-way trust in Windows 2000 Server, open the Active Directory Domains and Trusts console on a domain controller in the trusted domain. Click the Add button in the "Domains that trust this domain" pane, and enter the name of the trusting domain and a password into the dialog box. You will be asked to verify this relationship and to enter the name and password of an admin with domain-modification privileges. Close the console.

Now, on a domain controller in the trusting domain, open the Active Directory Domains and Trusts console. Right-click the trusting domain and select the Properties command. Click the Add button in the "Domains trusted by this domain" box, then enter the name of the trusted domain and the password into the dialog box.
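To confirm that the Active Directory trust created in the two steps above really is one-way, the following added example (not part of the original article) audits an LDIF export of `trustedDomain` objects, where `trustDirection` 1 is inbound, 2 is outbound and 3 is bidirectional. It assumes the export was made on a domain controller in the trusting domain, for instance with `ldifde -f trusts.ldf -r "(objectClass=trustedDomain)" -l trustPartner,trustDirection`, so the expected direction there is outbound; the domain names and sample records are constructed placeholders.

```python
# Added example: audit trust direction from an LDIF export of trustedDomain objects.
# trustDirection values stored on each trustedDomain object in Active Directory.
DIRECTIONS = {0: "disabled", 1: "inbound", 2: "outbound", 3: "bidirectional"}

# Constructed sample, as exported on a DC in the trusting (firewall) domain.
# Domain names are placeholders, not taken from the article.
SAMPLE_LDIF = """\
dn: CN=corp.example,CN=System,DC=dmz,DC=example
changetype: add
trustPartner: corp.example
trustDirection: 2

dn: CN=lab.example,CN=System,DC=dmz,DC=example
changetype: add
trustPartner: lab.example
trustDirection: 3
"""


def parse_trusts(ldif_text):
    """Return one {attribute: value} dict per trustedDomain record."""
    trusts, attrs = [], {}
    for line in ldif_text.splitlines() + [""]:  # trailing "" flushes last record
        if not line.strip():
            if "trustPartner" in attrs:
                trusts.append(attrs)
            attrs = {}
        elif ": " in line and not line.startswith(("#", " ")):
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
    return trusts


def audit(ldif_text, expected):
    """Compare trusts with expected {partner: direction}; return findings."""
    findings, seen = [], set()
    for trust in parse_trusts(ldif_text):
        partner = trust["trustPartner"].lower()
        seen.add(partner)
        actual = DIRECTIONS.get(int(trust.get("trustDirection", 0)), "unknown")
        if partner not in expected:
            findings.append((partner, f"unexpected trust ({actual})"))
        elif actual != expected[partner]:
            findings.append((partner, f"{actual}, expected {expected[partner]}"))
    findings += [(p, "expected trust missing") for p in expected if p not in seen]
    return findings


if __name__ == "__main__":
    for partner, issue in audit(SAMPLE_LDIF, {"corp.example": "outbound"}):
        print(f"{partner}: {issue}")
```

Run against an export from the trusted domain instead, the same trust should appear as inbound, so pass `"inbound"` as the expected direction there.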

For Windows NT 4.0 domains, you would use the User Manager for Domains to create a one-way trust relationship. Select the Trust Relationships command on the Policy menu, and then click the Add button in the "Trusted Domains" pane. You'll be prompted to enter the trusted domain and a password.

Barrie Sosinsky is president of consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

This was last published in May 2003
