如何创建两个域之间的信任

如何创建两个域之间的信任

DC1的操作
设置DNS 转发器.

1.从“开始”菜单-》控制面板-》管理工具-》DNS 启动DNS控制台。

2.在Server 上右击选择属性,然后单击＂转发器＂

3.选择->新建->添加lcmcom4.local(添加你要信任的域的域名),单击确定。

4.从DNS域列表选择你刚添加的域名lcmcom4.local,并且在下面的IP地址列表输入这个域的DNS的IP地址,单击添加.

5.然后,单击确定.

创建信任关系

1.从“开始”菜单-》控制面板-》管理工具-》Active Directory 域和信任关系，启动MMC控制台。

2.右击服务器选择属性,单击信＂任选＂选项卡．

3.选择＂新建信任＂按纽．打开＂新建信任向导．

4.单击下一步，输入DC2的域名lcmcom4.local。

5.单击下一步，选择“双向”。

可能这个screen出现不了，并且报如下的错误。可以通过下面的方法，troubleshoot:

The local security authority is unable to obtain an RPC connection to the Domain controller

Error message: "The local security authority is unable to obtain an RPC connection to the Domain controller"

Problem description: when you try to establish a trust from a domain controller running inside a VMWare virtual machine, the trust is not established. The possible cause provided by Microsoft is a DNS name resolution or RPC problem.

Cause: in fact, it has nothing to do with a DNS or RPC problem whatsoever. The origin of the problem is in a

VMWare Tools component, nl. Shared Folders. The purpose of this component is to be able to share files between a management workstation and the virtual machine.

Resolution: uninstall the Shared Folders component in your virtual machine (DC).

Go to Add/remove programs => VMWare Tools => click "change" => next => deselect "Shared Folders".

Make sure you do this on all VMware DCs

Reboot the machine.

Establish the trust.

6.单击下一步,选择只是这个域.

7.单击下一步，选择“全域性身份验证”。

8.单击下一步，输入信任密码。

9.单击下一步

10.最后单击完成.

DC2的操作

在DC2 上重复DC1上的操作.

注意:

DC2 上的DNS 转发器要添加一个lcm123.com域名并且IP指向172.16.16.179.

DC2上创建信任时的域也要是lcm123.com,并且密码要和DC1上创建时的密码相同.

两个域的DC服务器的时间一定要同步.