Creating domain trusts to easily share resources
Problem
I need to share a resource in my local domain with a remote domain without creating new user accounts for the remote domain workers to authenticate with. The remote users must be able to connect using their current logins.
Solution
To achieve this you can create a domain trust between your local domain and the remote domain whose users need access to your resources.
Your local domain will be the trusting domain and the remote domain will be the trusted domain.
For the remote users to authenticate in your domain you need to create an outgoing trust, as opposed to an incoming trust, which would be the remote domain trusting your local users.
It is also possible to create a two-way trust, in which each domain trusts the other domain's users for authentication.
Create a LAN to LAN VPN Connection
I typically use DrayTek routers for our broadband connections as they are reliable and easy to configure for a pinned up LAN to LAN VPN.
Add DNS Stub Zones
Now follow the same process but on the remote domain to be able to resolve your domain name to your PDC.
Add an Outgoing domain trust in Active Directory Domains and Trusts
- Open Active Directory Domains and Trusts
- Right click your domain name and click properties
- Click the Trusts tab
- Click New Trust
- Enter the remote domain name you wish to be trusted then click next
- Select that you want to add an outgoing trust then click next
- Select that you wish to set up the trust in the local and remote domain then click next
- Enter credentials for the remote domain and click next
- Tick that you wish to validate the trust and click next
- The trust will be validated and you should then click Finish.
At this stage you should now have DNS Zones functioning correctly for resolution both ways and an outgoing trust from your trusting local domain to the remote trusted domain.
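One way to confirm that state from a domain controller in the local domain, as an added example that is not part of the original article. It assumes the ActiveDirectory PowerShell module is installed; `local.example` and `remote.example` are placeholder domain names.

```powershell
# Added example: run in an elevated PowerShell session on a DC in the local domain.
# Both domain names are placeholders; replace them with your own.
$LocalDomain  = 'local.example'    # trusting domain (placeholder)
$RemoteDomain = 'remote.example'   # trusted domain (placeholder)

Import-Module ActiveDirectory

# 1. DNS: the DC locator SRV record of each domain must resolve from here.
#    Repeat this step on the remote side to confirm resolution both ways.
foreach ($domain in $LocalDomain, $RemoteDomain) {
    $srv = "_ldap._tcp.dc._msdcs.$domain"
    try {
        $records = Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        $targets = ($records.NameTarget | Sort-Object -Unique) -join ', '
        Write-Host "OK   $srv -> $targets"
    } catch {
        Write-Warning "DNS lookup failed for ${srv}: $($_.Exception.Message)"
    }
}

# 2. Trust object: it must exist and point the way this article intends.
$trust = Get-ADTrust -Filter "Target -eq '$RemoteDomain'" -Server $LocalDomain
if (-not $trust) {
    Write-Warning "No trust to $RemoteDomain found in $LocalDomain"
} else {
    # Show the settings that decide who can authenticate across the trust.
    $trust | Format-List Name, Direction, TrustType, ForestTransitive,
        SelectiveAuthentication, SIDFilteringQuarantined

    if ($trust.Direction -eq 'BiDirectional') {
        Write-Warning "Two-way trust: $LocalDomain accounts can also authenticate in $RemoteDomain."
    } elseif ($trust.Direction -ne 'Outbound') {
        Write-Warning "Unexpected direction '$($trust.Direction)'; expected Outbound."
    }
    if (-not $trust.SelectiveAuthentication) {
        # Domain-wide authentication: resource ACLs are the only access control.
        Write-Host "Note: any $RemoteDomain account can authenticate here; review ACLs on shared resources."
    }
}

# 3. Re-run the validation the New Trust wizard performed.
netdom trust $LocalDomain /domain:$RemoteDomain /verify
```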
It is now as simple as adding permissions to a folder or printer as you would for local users and groups in your current Active Directory. A point to note, however, is that as this is an outgoing trust you will be prompted for the remote domain's credentials when searching for the account or group you wish to add permissions for. This can be overcome by adding a two-way trust instead of just an outgoing one.