Configure DNS forwarding in the HGS domain and a one-way trust with the fabric domain
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
Important
AD mode is deprecated beginning with Windows Server 2019. For environments where TPM attestation is not possible, configure host key attestation. Host key attestation provides similar assurance to AD mode and is simpler to set up.
Use the following steps to set up DNS forwarding and establish a one-way trust with the fabric domain. These steps allow the HGS to locate the fabric domain controllers and validate group membership of the Hyper-V hosts.
Run the following command in an elevated PowerShell session to configure DNS forwarding. Replace fabrikam.com with the name of the fabric domain and type the IP addresses of DNS servers in the fabric domain. For higher availability, point to more than one DNS server.
Add-DnsServerConditionalForwarderZone -Name "fabrikam.com" -ReplicationScope "Forest" -MasterServers <DNSserverAddress1>, <DNSserverAddress2>To create a one-way forest trust, run the following command in an elevated Command Prompt:
Replace
bastion.localwith the name of the HGS domain andfabrikam.comwith the name of the fabric domain. Provide the password for an admin of the fabric domain.netdom trust bastion.local /domain:fabrikam.com /userD:fabrikam.com\Administrator /passwordD:<password> /add
Next step
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for