How to establish trust between two AD domains which are on Azure VMs?
If you are here, I am sure you are looking for a solution to set up a trust between two domains that are running on Azure for testing purposes. I am going to explain the step-by-step process to enable a trust between two AD domains.
Before you start – Considerations
1> You have two Azure VMs in the same VNet; it does not matter if they are in different resource groups.
2> You must have two AD domains set up on Azure VMs (on-premises is also fine, as long as you only want to set up a trust). You must have Domain Admin credentials for both domains.
3> The AD domain name can be .local.
My Lab detail –
1> I have one Azure subscription with one VNet and two resource groups (2008AD and 2012AD); each VM is created in a different resource group, as below.
Let's get started –
Step 1 – Log in to the AD2008 and AD2012 VMs and make sure you have DNS conditional forwarders set on both domains' DNS servers so that each can resolve the other's records.
Check that the target domain name is getting resolved.
Step 2 – Log in to AD2008 and open “Active Directory Domains and Trusts” -> right-click on the domain name and go to Properties.
Step 3 – Go to the Trusts tab -> click on “New Trust”.
Step 4 – Enter the target domain name (FQDN).
Step 5 – Select the trust type based on your requirement; in our setup I am selecting a forest trust. Please have a look at – Windows Active Directory Trust types and differences.
Step 6 – Select the trust direction; in our case we are selecting two-way.
Two-Way -> both domains/forests are allowed to access resources from each other
One-Way incoming -> users from this domain can access resources of the target domain
One-Way outgoing -> users from the target domain can access resources of this domain
Step 7 – Select the sides of the trust. If you select both sides, the trust will be created in both forests/domains, but in that case you must have credentials for the target domain/forest as well.
Step 8 – If you have selected both sides, you must enter the target AD credentials and then click Next -> then select the authentication level for the local forest.
Forest-wide -> authenticates all users for all resources over the trust
Selective -> authenticates only selected users for selected resources; you have to grant individual access on each domain and server after completing this wizard
Step 9 – Select the authentication level for the target forest -> review all input and click Finish.
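The same procedure (Step 1 DNS forwarders and resolution check, then Steps 2–9 creating and verifying the forest trust) can be scripted instead of clicked through the wizard. The block below is an added example written for this page, not code from the original post; it runs on the AD2008-side domain controller and uses the DnsServer and ActiveDirectory modules plus the .NET System.DirectoryServices.ActiveDirectory classes. The forest name target.local and the IP 10.0.0.5 are placeholders, assumed for the example; replace them with your lab values.

```powershell
# Added example (not from the original post): Step 1 through Step 9 as PowerShell.
# Run elevated on the AD2008-side DC with a Domain Admin of that forest.
#Requires -RunAsAdministrator
Import-Module DnsServer
Import-Module ActiveDirectory

$TargetForest = 'target.local'   # assumed FQDN of the other forest (placeholder)
$TargetDnsIp  = '10.0.0.5'       # assumed private IP of the other DC in the VNet (placeholder)
$TargetAdmin  = Get-Credential -Message "Domain Admin of $TargetForest"

# Step 1: conditional forwarder so this DNS server can resolve the other domain.
# Run the mirror image on the other DC so resolution works in both directions.
if (-not (Get-DnsServerZone -Name $TargetForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $TargetForest `
        -MasterServers $TargetDnsIp -ReplicationScope 'Forest'
}

# Check that the target domain resolves, including the DC locator SRV record
# the trust wizard relies on to find a domain controller of the other forest.
Resolve-DnsName -Name $TargetForest -Type A | Format-Table -AutoSize
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$TargetForest" -Type SRV | Format-Table -AutoSize

# Steps 2-8: create a two-way forest trust on "both sides" in one call.
# CreateTrustRelationship needs credentials for the target forest (Step 8).
$local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$ctx    = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
              [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest,
              $TargetForest,
              $TargetAdmin.UserName,
              $TargetAdmin.GetNetworkCredential().Password)
$remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)

$local.CreateTrustRelationship($remote,
    [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional)

# Steps 8-9 authentication level. Selective authentication is the least-privilege
# choice (access must then be granted per server); set $false for forest-wide.
$UseSelectiveAuth = $true
$local.SetSelectiveAuthenticationStatus($TargetForest, $UseSelectiveAuth)
$remote.SetSelectiveAuthenticationStatus($local.Name, $UseSelectiveAuth)

# Verify: inspect the trust object, then validate the trust secure channel.
Get-ADTrust -Filter "Target -eq '$TargetForest'" |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication
netdom trust $local.Name /domain:$TargetForest /verify /twoway
```

The final two commands are the check worth keeping after a wizard run as well: Get-ADTrust shows whether the trust really is bidirectional and forest-transitive and whether selective authentication is on, and netdom trust /verify confirms the trust password secure channel works in both directions. With selective authentication enabled, users from the other forest can log on only to servers where they have been granted the "Allowed to Authenticate" permission, which keeps the trust from silently widening access across the whole forest.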
Your lab is ready to do further testing like How to sync on-premises Active Directory to Azure Active Directory with Azure AD Connect?