如何創建兩個域之間的信任
![]()
DC1的操作
設置DNS 轉發器.
設置DNS 轉發器.
1.從“開始”菜單-》控制面板-》管理工具-》DNS 啓動DNS控制檯。
![]()
2.在Server 上右擊選擇屬性,然後單擊"轉發器"
![]()
![]()
3.選擇->新建->添加lcmcom4.local(添加你要信任的域的域名),單擊確定。
![]()
4.從DNS域列表選擇你剛添加的域名lcmcom4.local,並且在下面的IP地址列表輸入這個域的DNS的IP地址,單擊添加.
![]()
5.然後,單擊確定.
創建信任關係
1.從“開始”菜單-》控制面板-》管理工具-》Active Directory 域和信任關係,啓動MMC控制檯。
![]()
2.右擊服務器選擇屬性,單擊信"任選"選項卡.
![]()
3.選擇"新建信任"按紐.打開"新建信任嚮導.
![]()
4.單擊下一步,輸入DC2的域名lcmcom4.local。
![]()
5.單擊下一步,選擇“雙向”。
可能這個screen出現不了,並且報如下的錯誤。可以通過下面的方法,troubleshoot:
The local security authority is unable to obtain an RPC connection to the Domain controller
Error message: "The local security authority is unable to obtain an RPC connection to the Domain controller"
Problem description: when you try to establish a trust from a domain controller running inside a VMWare virtual machine, the trust is not established. The
possible cause provided by Microsoft is a DNS name resolution or RPC problem.
Cause: in fact, it has nothing to do with a DNS or RPC problem whatsoever. The origin of the problem is in a
VMWare Tools component, nl. Shared Folders. The purpose of this component is to be able to share files between a management workstation and the virtual
machine.
Resolution: uninstall the Shared Folders component in your virtual machine (DC).
Go to Add/remove programs => VMWare Tools => click "change" => next => deselect "Shared Folders".
Make sure you do this on all VMware DCs
Reboot the machine.
Establish the trust.
![]()
6.單擊下一步,選擇只是這個域.
![]()
7.單擊下一步,選擇“全域性身份驗證”。
![]()
8.單擊下一步,輸入信任密碼。
![]()
9.單擊下一步
![]()
![]()
![]()
![]()
10.最後單擊完成.
![]()
DC2的操作
在DC2 上重複DC1上的操作.
注意:
DC2 上的DNS 轉發器要添加一個lcm123.com域名並且IP指向172.16.16.179.
DC2上創建信任時的域也要是lcm123.com,並且密碼要和DC1上創建時的密碼相同.
兩個域的DC服務器的時間一定要同步.