Create a one-way, incoming, realm trust

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A one-way, incoming realm trust allows users in your Windows Server 2003 domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to access resources in the Kerberos realm. For example, if you are the administrator of the sales.wingtiptoys.com domain and users in that domain need to access resources in the Kerberos realm, you can use this procedure to establish a relationship so that users in the sales.wingtiptoys.com domain can access resources in the Kerberos realm.

You can create this realm trust by using the New Trust Wizard in Active Directory Domains and Trusts or by using the Netdom command-line tool. For more information about how to use the Netdom command-line tool to create a realm trust, see "Netdom.exe: Windows Domain Manager" in the Windows Server 2003 Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=41700).

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.

To create a one-way, incoming, realm trust

  1. Open Active Directory Domains and Trusts.

  2. In the console tree, right-click the domain node for the domain that you want to establish a trust with, and then click Properties.

  3. On the Trusts tab, click New Trust, and then click Next.

  4. On the Trust Name page, type the Domain Name System (DNS) name (or network basic input/output system (NetBIOS) name) of the domain, and then click Next.

  5. On the Trust Type page, click Realm trust, and then click Next.

  6. On the Transitivity of Trust page, do one of the following:

    • To form a trust relationship with the domain and the specified realm only, click Nontransitive, and then click Next.

    • To form a trust relationship with the domain and the specified realm and all trusted realms, click Transitive, and then click Next.

  7. On the Direction of Trust page, click One-way: incoming, and then click Next.

    For more information about the selections that are available on the Direction of Trust page, see the section "Direction of Trust" in Appendix: New Trust Wizard Pages.

  8. On the Trust Password page, type the trust password twice, and then click Next.

  9. On the Trust Selections Complete page, review the results, and then click Next.

  10. On the Completing the New Trust Wizard page, click Finish.

Note

For this trust to function, the administrator of the realm must complete the trust, using his or her administrative credentials and the exact same trust password that was used during this procedure.