2.15. Creating a Trust Between a Windows NT Domain and an AD Domain

Problem

You want to create a one-way or two-way nontransitive trust from an AD domain to a Windows NT domain.

Solution

Using a graphical user interface

  1. Open the Active Directory Domains and Trusts snap-in.

  2. In the left pane, right-click the domain you want to add a trust for and select Properties.

  3. Click on the Trusts tab.

  4. Click the New Trust button.

  5. After the New Trust Wizard opens, click Next.

  6. Type the NetBIOS name of the NT domain and click Next.

  7. Assuming the NT domain was resolvable via its NetBIOS name, the next screen will ask for the Direction of Trust. Select Two-way, One-way incoming, or One-way outgoing, and click Next.

  8. If you selected Two-way or One-way outgoing, you’ll need to select the scope of authentication, which can be either Domain-wide or Selective, and click Next.

  9. Enter and re-type the trust password and click Next.

  10. Click Next twice to finish.

Using a command-line interface

> netdom trust <NT4DomainName> /Domain:<ADDomainName> /ADD[RETURN]
         [/UserD:<ADDomainName>\<ADUser> /PasswordD:*][RETURN]
         [/UserO:<NT4DomainName>\<NT4User> /PasswordO:*][RETURN]
         [/TWOWAY]

For example, to create a trust from the NT4 domain RALLENCORP_NT4 to the AD domain RALLENCORP, use the following command:

> netdom trust RALLENCORP_NT4 /Domain:RALLENCORP /ADD[RETURN]
         /UserD:RALLENCORP\administrator /PasswordD:*[RETURN]
         /UserO:RALLENCORP_NT4\administrator /PasswordO:*

You can make the trust bidirectional, i.e., two-way, by adding a /TwoWay ...
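
To confirm what the wizard or netdom actually created, the following added example (not from the book) reads the trustedDomain objects in the current domain and decodes the direction, type, and scope of authentication from the trustDirection, trustType, and trustAttributes attributes. The function names and the sample values in the last line are constructed for illustration.

```powershell
# Added example, not from the book. Function names are illustrative.
# Decodes the integer attributes of a trustedDomain object into the
# terms used by the New Trust Wizard.
function ConvertTo-TrustSummary {
    param([string]$Name, [int]$Direction, [int]$Type, [int]$Attributes)

    $directions = @{ 0 = 'Disabled'; 1 = 'One-way incoming'
                     2 = 'One-way outgoing'; 3 = 'Two-way' }
    $types      = @{ 1 = 'Downlevel (Windows NT)'
                     2 = 'Uplevel (Active Directory)'
                     3 = 'MIT Kerberos realm' }

    [pscustomobject]@{
        Name              = $Name
        Direction         = $directions[$Direction]
        Type              = $types[$Type]
        # 0x1: nontransitive flag. Trusts to Windows NT domains are
        # nontransitive, as the recipe states, whether or not it is set.
        NonTransitiveFlag = [bool]($Attributes -band 0x1)
        # 0x4: quarantined domain, i.e. SID filtering is enabled.
        SidFiltering      = [bool]($Attributes -band 0x4)
        # 0x10: cross-organization, shown in the wizard as Selective.
        Scope             = if ($Attributes -band 0x10) { 'Selective' }
                            else { 'Domain-wide' }
    }
}

# Reads every trustedDomain object in the domain of the logged-on user.
function Get-DomainTrustSummary {
    $searcher = [adsisearcher]'(objectClass=trustedDomain)'
    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties   # property names are lowercase here
        $trust = @{
            Name       = [string]($p['name'] | Select-Object -First 1)
            Direction  = [int]($p['trustdirection']  | Select-Object -First 1)
            Type       = [int]($p['trusttype']       | Select-Object -First 1)
            Attributes = [int]($p['trustattributes'] | Select-Object -First 1)
        }
        ConvertTo-TrustSummary @trust
    }
}

# Constructed sample values: a one-way outgoing trust to the NT domain
# from the example above, with SID filtering on and domain-wide scope.
ConvertTo-TrustSummary -Name 'RALLENCORP_NT4' -Direction 2 -Type 1 -Attributes 0x4
```

Run Get-DomainTrustSummary on a domain-joined machine and compare each row with the direction and scope you selected when creating the trust.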
