Here's how to create a trust relationship in Windows Server using the Active Directory Domains and Trusts tool:
1. Open the tool:
- Go to Start, then Run.
- Type dsa.msc and press Enter.
2. Right-click the domain and select Properties.
3. Select the Trusts tab.
4. Click New Trust and then Next.
5. Enter the Trust Name:
- For a Managed Microsoft AD domain, enter the FQDN.
- For another domain, enter the DNS name or NetBIOS name.
6. Select the Trust type: Choose Forest trust.
7. Set the Direction of Trust:
- One-way incoming: for a one-way trust.
- Two-way: for a two-way trust.
8. Choose the Sides of Trust: Select This domain only.
9. Set the Outgoing Trust Authentication Level: Choose Forest-wide authentication.
10. Enter the Trust Password:
- Both forests' administrators need to know this password.
11. Click Next and finish the wizard.
Additional notes:
- To create a forest trust, you must be a member of the Domain Admins group in the forest root domain or the Enterprise Admins group in Active Directory.
- Each trust is assigned a password that administrators in both forests must know.
- After creating the trust, you need to configure it on the other domain.
- You can test and validate the trust relationship for authentication and resource access.
If you encounter any issues, you can try removing the affected machine from the domain and adding it again.