Creating domain trusts to easily share resources

Problem

I need to share a resource in my local domain with a remote domain without creating new user accounts for the remote domain workers to authenticate with. The remote users must be able to connect using their current logins.

Solution

To achieve this you can create a domain trust between your local domain and the remote domain you want to access your resources.

Your local domain will be the trusting domain and the remote domain will be the trusted domain.

In order for the remote users to authenticate in your domain you need to create an outgoing trust as apposed to an incoming trust which would be the remote domain trusting your local users.

It is possible to create a two way trust in that both domains trust users from each domain for authentication.

Create a LAN to LAN VPN Connection

I typically use DrayTek routes for our Broadband connections as they are reliable and are easy to configure for pinned up LAN to LAN VPN.

Add DNS Stub Zones

2020 09 21 17 20 14 Window2
Load up DNS Server
2020 09 21 17 20 24 Window
Click to create a Stub Zone
2020 09 21 17 20 48 Window
Enter the name of the remote domain to be trusted
2020 09 21 17 21 10 Window
Enter the IP Address of the PDC in the remote domain
2020 09 21 17 21 18 Window
Once done and verified click Finish.
2020 09 21 17 20 14 Window2
You should then see a new remote domain appear under Forward lookup Zones

Now follow the same process but on the remote domain to be able to resolve your domain name to your PDC.

Add an Outgoing domain trust in Active Directory Domains and Trusts

  1. Open Active Directory domains and trusts
  2. Right click your domain name and click properties
  3. Click the Trusts tab
  4. Click New Trust
  5. Enter the remote domain name you wish to be trusted then click next
  6. Select that you want to add an outgoing trust then click next
  7. Select that you wish to setup the trust in the local and remote domain then click next
  8. Enter a credentials for the remote domain and click next
  9. Tick you you wish to validate the trust and click next
  10. The trust will be validated and you should then click Finish.
2020 09 21 17 25 42 Window

Add permissions to the resources you wish to share out

At this stage you should now have DNS Zones functioning correctly for resolution both ways and an outgoing trust from your trusting local domain to the remote trusted domain.

It is now as simple as adding permissions to a folder or printer as you would to local users and groups in your current active directory. A point to note however is that as this is an outgoing trust you will be prompted for the remote domains credentials when searching for the account or group you wish to add permissions for. This can be overcome by adding a two way trust instead of just an outgoing.

If you found this article helpful, would you consider buying me a Coffee?