Create a One-Way, Outgoing, Shortcut Trust for Both Sides of the Trust
Updated: January 9, 2009
Applies To: Windows Server 2008, Windows Server 2008 R2
You can this procedure to create both sides of a one-way, outgoing, shortcut trust. You must administrative credentials for your domain as well as for the reciprocal domain. If you have administrative credentials only for your domain, you can use the procedure Create a One-Way, Outgoing, Shortcut Trust for One Side of the Trust to create your side of the trust. Then, have the administrator for the reciprocal domain create a one-way, incoming, shortcut trust from his or her domain.
A one-way, outgoing, shortcut trust allows resources in your domain (the domain that you are logged on to at the time that you run the New Trust Wizard) to be accessed more quickly by users in another domain (which is nested within another domain tree) in your forest. For example, if you are the administrator of marketing.tailspintoys.com and resources in that domain need to be accessed by users in the sales.wingtiptoys.com domain (which is a child domain of the wingtiptoys.com tree root domain), you can use this procedure to establish one side of the relationship so that users in the sales.wingtiptoys.com domain can more quickly access resources in the marketing.tailspintoys.com domain.
You can create this shortcut trust by using the New Trust Wizard in the Active Directory Domains and Trusts snap-in or by using the Netdom command-line tool. For more information about using the Netdom command-line tool to create a shortcut trust, see Netdom Overview (http://go.microsoft.com/fwlink/?LinkId=111537).
Membership in Domain Admins or Enterprise Admins in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To create a one-way, outgoing, shortcut trust for both sides of the trust
Open Active Directory Domains and Trusts.
In the console tree, right-click the domain node for the domain for which you want to establish a trust, and then click Properties.
On the Trusts tab, click New Trust, and then click Next.
On the Trust Name page, type the Domain Name System (DNS) name (or NetBIOS name) of the domain, and then click Next.
On the Trust Type page, click External trust, and then click Next.
On the Direction of Trust page, click One-way: outgoing, and then click Next.
For more information about the selections that are available on the Direction of Trust page, see "Direction of Trust" in Appendix: New Trust Wizard Pages.
On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
For more information about the selections that are available on the Sides of Trust page, see "Sides of Trust" in Appendix: New Trust Wizard Pages.
On the User Name and Password page, type the user name and password for the appropriate administrator in the specified domain.
On the Trust Selections Complete page, review the results, and then click Next.
On the Trust Creation Complete page, review the results, and then click Next.
On the Confirm Outgoing Trust page, do one of the following:
If you do not want to confirm this trust, click No, do not confirm the outgoing trust. Note that if you do not confirm the trust at this stage, the secure channel will not be established until the first time that the trust is used by users.
If you want to confirm this trust, click Yes, confirm the outgoing trust, and then supply the appropriate administrative credentials from the specified domain.
On the Completing the New Trust Wizard page, click Finish.