Lab done for cross forest AD two way trustNetwork Configuration for AD DC for domain abc.com

================================================================================== Network Configuration for AD DC for domain xyz.com

Network configuration for Router which will manage traffic between domain abc.com and xyz.com

You have to assign both the network cards to the router machine

Firewall is also off

Ping from Router machine to AAD in xyz.com

Ping from DC in abc.com to router

Ping from DC in xyz.com to router

Ping from DC in abc.com to DC in xyz.com

Ping from DC n xyz.com to DC in abc.com

Ping from Exchange server in abc.com to DC in abc.com Then ping to DC in xyz.com Then another exchange server in xyz.com

Ping from Exchange server in xyz.com to DC in xyz.com Then ping to DC in abc.com Then another exchange server in abc.com

One important thing though. When you ping FQDN from DC in abc.com to DC in xyz.com it doesn't work

And same is the case vice versa

To over this create DNS forwarders

Type In the IP address of the Domain controller in XYZ.com and press TAB button so as to let it Auto resolve the computer name

After Some time you will see that it will have a Green check mark next to it as the IP resolves to the computer in other network then you press OK button

When you will come back to the first page it will show you the computer name of the DC in other forest

Now when you will Ping FQDN of domain controller from ABC.com to Domain controller in XYZ.com it will be successful

Do the same on Other DC as well

And here are the Ping statistics that shows positive results.

Now we will Create Cross forest Two Way trust. We will start creating it in the first Domain controller in Forest ABC.com

Right click on the domain name and click on Properties from ‘Active Directory Domains and Trust snapin’

In the Properties Dialog Box click on ‘Trusts’ tab and then click on New trust Button at the bottom.

This is a very important step. You have to only mention the domain name of the other Forest in the field below like I Did as it’s a forest wide trust

Select the option Forest Trust below and click next

Then select Two-way trust and then click Next

Then click on option ‘Both this domain and specified domain’

Now you have to mention the password of system admin of the other forest as the query for authentication will reach the remote forest to create a two-Way trust.

Once done click on option ‘Selective authentication’

Then select the option ‘Forest-wide authentication’

Once the trust wizard will be at its completion it will you will have the summary displayed

Once you will click Next button you will have the result summary displayed confirming that the trust has been created successfully.

Select the Option yes to confirm outgoing Trust.

Do the same for the Incoming trust as well.

End of the wizard. Click Finish Button

When You will come back to the page you will have the domain name mentioned under trust section

And when you go to the Domain Controller of the other forest you do not need to re-run the trust creation wizard as it will be already created as we selected the option ‘two-Way trust’ and mentioned the credentials for the remote forest’s administrator

Now its time to validate the Trust

When you click the validate Button mentioned the credentials of the remote forest’s administrator

In the Next statement to enable name suffix routing for the trust click Yes

Same has to be done in the XYZ.com forest as well.

Now I'll Show you a user names User1 from domain ABC.com will log into a system which is domain joined in XYZ.com

And off course the other user names EXCH-2013-2@xyz.com can also log into same machine