Great video. Thank you very much. I haven't set up a trust between domain in over 7 years and I have been struggling all day to figure out what I was doing wrong. Your video helped me to get it correct. Thank you very much.
Thank you for your webcast, I'm joining your tutorials a lot and they are all most informative, accurate and functional. In this video the deep look in dns is very helpful, again, thanx for your work.
How did you setup the VM network, because with Nat Network I already created both domains and for one joined their child. But I'm not able to ping the other DC, they are on the same Nat Network and have network discovery enabled. But they recognize the same network in different way one recognize the network as public and the other private. Some advice ?
Suppose, I wish to create AD SERVER 1 AND ITS EXPLICIT DNS 1 SEPERATE VM AND SAME FOR SECOND DOMAIN....TOTAL TWO DOMAINS TWO AD , TWO DNS...THEN THE SAME STEPS CAN BE FOLLOWED??
Questions: 1. does the physical platform have an influence in the configuration of the trusting domain? 2. what are the consequences if we have a Windows server 2019 Virtual and windows SBS 2011 scenario (no longer covered in the Forest and Domain functional level list) by a two-way Trust?
This is very informative but having 2 VERY DIFFERENT Forest name would make it easier for the learner. The name of the 2 forests are too similar, which makes the understanding rather less than perfect. Besides that, you did a good job. Another concern is that 2 new companies creating a trust relationship are very unlikely to be in the same DNS and no Firewall. Having a video with these 2 concerns addressed would be closer to reality and what a System Admin is likely to find out there.
thanks , but i faced a problem . when i want to log in with user i faced this problem '' the sign-in method you're using isn't allowed" . can you help me ?
Thanks for this. However when I try to login to domain B client machine with domain A user, it logs me or not loggin me in. I verified that the 2 way trust is working and validated
@@MSFTWebCast , Thanks for your response. I tried this and this time ( The Connection was Denied Because the User Account is not Authorized for Remote Login ) . Just to summarise, I created 2 domains as per your previous videos and named them as red.local and blue.local. Created trust between red and blue domains using conditional forwarders and verified as per your video. When I login in to blue domain client using red domain user. I get this error (The Connection was Denied Because the User Account is not Authorized for Remote Login ). red domain user is part of remote desktop user(inbuilt group) in the red domain and also has the policy to allow remote logon
@@nandalgmovie User from RED (Domain) must be member of the RemoteDesktopUsers on client machine (Blue Domain). That is what prevent your user from login to that client machine.
Hi, i noticed that you didnt validate the imcoming and outgoing direction of the trust. If so, how will both domains sync with each other when a user or a group is created?
After Forest Trust i am unable to login devices, [Window Title] Remote Desktop Connection [Content] The connection was denied because the user account is not authorized for remote login. [OK] [Help]
Open Group Policy Management. Go to Default Domain Controllers Policy under Domains > {your.domain} > Domain Controllers. Right click to edit and go to: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment. double click on Allow log on locally. Add User or Group. Browse. Locations and select your trusted other domain. type in the username you want to log on with in the field. save. enter in cmd: gpupdate /force. you can check; Deny log on locally and Deny log on through Remote Desktop Services. to make sure there is nothing in there. that is it
![How to Setup a Domain Trust [Forest Trust] - Between Two Domains on Windows Server](http://i.ytimg.com/vi/t6VI6Xe3lck/mqdefault.jpg)
MSFT WebCast is one of the best IT Channels around. Thanks so much for the info!!!
Wow, thanks!
You Sir, are a scholar and a gentleman!! Worked perfectly between a new 2019 domain and existing 2012 domain. Amazing video. THANK YOU!
Great video. Thank you very much. I haven't set up a trust between domain in over 7 years and I have been struggling all day to figure out what I was doing wrong. Your video helped me to get it correct. Thank you very much.
Glad it helped!
I had problems to establish one way forest trust but your video hinted me about DNS conditional forwarding. Thanks!
Glad it helped!
Very clear and straightforward, thank you for sharing and posting this. Amazing work!
Thank you for your webcast, I'm joining your tutorials a lot and they are all most informative, accurate and functional. In this video the deep look in dns is very helpful, again, thanx for your work.
Hi Brother, can you make complete tutorials for ADFSand ADCS?
It will take a while. I dont want to break the sequence.
Excellent video, this helped me complete a virtual lab for an assignment. Thank you!
Glad it helped!
wow!! great video and thanks a lot for sharing your knowledge
I LOVE YOU!!! You have just helped me with my server project!!!💗💗💗
Great work. I needed to prepare for task at work and this explained everything in detail! Thanks again :)
Thanks! Very useful video!
my friend, about the firewall ports, should I use it for inbound or outbound?
It's very clear and thank's
Glad it helped.
Thanks a lot.. Your all labs are very helpful and explained very well.
Good explain..
Hi Sir, I want to add 2 DFS server in each forest and I want to replicate data between forest. Thanks a lot
Thx, helped very much.
Well done! Thanks 🤟
It was great. Thankful.
How did you setup the VM network, because with Nat Network I already created both domains and for one joined their child. But I'm not able to ping the other DC, they are on the same Nat Network and have network discovery enabled. But they recognize the same network in different way one recognize the network as public and the other private. Some advice ?
Change the adapter type to host-only or Internal.
@@MSFTWebCast OK I'll try thank you
Play on .75 playback speed for optimal experience. thanks m8
Usually I speed up the playback but in this case speed 1.0 was almost a little bit too fast :D
Suppose, I wish to create AD SERVER 1 AND ITS EXPLICIT DNS 1 SEPERATE VM AND SAME FOR SECOND DOMAIN....TOTAL TWO DOMAINS TWO AD , TWO DNS...THEN THE SAME STEPS CAN BE FOLLOWED??
Sir, Whats the main advantage or benefit of creating this Trust???
Questions:
1. does the physical platform have an influence in the configuration of the trusting domain?
2. what are the consequences if we have a Windows server 2019 Virtual and windows SBS 2011 scenario (no longer covered in the Forest and Domain functional level list) by a two-way Trust?
Thank you very much! You are the best. :)
This is very informative but having 2 VERY DIFFERENT Forest name would make it easier for the learner. The name of the 2 forests are too similar, which makes the understanding rather less than perfect. Besides that, you did a good job. Another concern is that 2 new companies creating a trust relationship are very unlikely to be in the same DNS and no Firewall. Having a video with these 2 concerns addressed would be closer to reality and what a System Admin is likely to find out there.
Noted. Will implement suggestion while creating new videos with Windows Server 2022. Thanks for the suggestion.
and how to add users or group from domain a to domain b, it's not possible to see the users from another domain
thanks , but i faced a problem . when i want to log in with user i faced this problem '' the sign-in method you're using isn't allowed" . can you help me ?
Use users UPN to sign in.
Thanks for this. However when I try to login to domain B client machine with domain A user, it logs me or not loggin me in. I verified that the 2 way trust is working and validated
Use domain usera's UPN to sign in. For ex: user@domainA.local
@@MSFTWebCast , Thanks for your response. I tried this and this time ( The Connection was Denied Because the User Account is not Authorized for Remote Login ) . Just to summarise, I created 2 domains as per your previous videos and named them as red.local and blue.local. Created trust between red and blue domains using conditional forwarders and verified as per your video. When I login in to blue domain client using red domain user. I get this error (The Connection was Denied Because the User Account is not Authorized for Remote Login ). red domain user is part of remote desktop user(inbuilt group) in the red domain and also has the policy to allow remote logon
@@nandalgmovie User from RED (Domain) must be member of the RemoteDesktopUsers on client machine (Blue Domain). That is what prevent your user from login to that client machine.
@@MSFTWebCast Guru, Thanks for giving me the answer. Worked like a charm. Do you have any videos for trusted cross-domain certificates issuance
Hi, i noticed that you didnt validate the imcoming and outgoing direction of the trust.
If so, how will both domains sync with each other when a user or a group is created?
Your videos are awesome.
In some videos you have not defined the concept and use cases of that video.
Eg what is the Trust and when it is used.
Forest trusts are implemented when users of an internal forest need to authenticate to and/or
gain access to all resources of an external forest.
why u didn't accept the incoming trust on the 2nd domain?
Great job. Thank you.
sir, all the steps are done..but i cant login to the domain.. getting a msg saying "the signin method you are trying to use isn't allowed"
If you have created trust properly then I dont think there should be any issue. Check again after some time. Let me know how it goes.
After Forest Trust i am unable to login devices,
[Window Title]
Remote Desktop Connection
[Content]
The connection was denied because the user account is not authorized for remote login.
[OK] [Help]
Are you login remotely? I mean using RDP?
how to configurare single forest one way domain trust between two dc
Sir how to configure different IP address in VMware virtual machine and communicate please provide link....
You can use another VM (server) with two network adapters and configure LAN routing it to use it as a router.
i can't sign in the user, that i created on server1 on the client computer of server2
1. Did the trust created successfully?
2. Use users UPN to sign in.
3. On which machine are you trying to log in?
i feel you. same issue here. i followed every step but i cannot log in the user
Open Group Policy Management. Go to Default Domain Controllers Policy under Domains > {your.domain} > Domain Controllers. Right click to edit and go to: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment. double click on Allow log on locally. Add User or Group. Browse. Locations and select your trusted other domain. type in the username you want to log on with in the field. save. enter in cmd: gpupdate /force. you can check; Deny log on locally and Deny log on through Remote Desktop Services. to make sure there is nothing in there. that is it
Thanks alott
Thanks ..
You are creating confusion by choosing name of the computer
Have any company give job mcsa certification
nahi bana relation
At which point?