Realm
trusts are used to provide cross-platform interoperability with
security services that are based on other versions of the Kerberos V5
protocol. Realm trusts can be two-way or one-way. A two-way realm trust
allows users in the domain in your forest and the realm to access
resources in either domain or realm. A one-way realm trust allows users
in your domain to access resources in the realm, or users in the realm
to access resources in your domain.
The steps to create
realm trusts differ depending on the direction of the trust being
created. The sections that follow detail the steps to create realm
trusts.
To complete this task, you must use an AD DS account that has membership in one of the following AD DS groups:
To create a realm trust, perform the following steps:
1. | Log on to a domain controller or a member computer that has Windows Server 2008 Remote Server Administration Tools installed.
|
2. | Click Start, click Administrative Tools, and then click Active Directory Domains and Trusts.
|
3. | In the console tree, right-click the domain node for the forest root domain; then click Properties.
|
4. | Click the Trusts tab.
|
5. | Click New Trust.
|
6. | On the Welcome to the New Trust Wizard page, click Next.
|
7. | On the Trust Name page, shown in Figure 1, type the DNS name of the other forest and then click Next.
|
8. | On the Trust Type page, select Realm trust and click Next, as shown in Figure 2.
|
9. | On the Transitivity of Trust page, shown in Figure 3, select Nontransitive or Transitive and click Next.
|
10. | On the Direction of Trust page, shown in Figure 4, select Two-way, One-way: incoming, or One-way: outgoing, and click Next.
|
11. | On the Trust Password page, shown in Figure 5, enter and confirm a password to be used for the creation of the trust; then click Next.
|
12. | On the Trust Selections Complete page, click Next.
|
13. | On the New Trust Wizard page, click Finish. |
