Step 4a: Bi-directional trust

Owned by Maarten Meijer
Last updated: Dec 04, 2019
2 min read

After setting up a cross forest name resolution, a bidirectional forest trust must be created. With the bidirectional forest trust, users from the customer's domain can authenticate themselves in the VO365 environment.

Wat is een bi-directional forest trust?

A two-way trust can be thought of as a combination of two, opposite-facing one-way trusts, so that, the trusting and trusted domains both trust each other (trust and access flow in both directions). This means that authentication requests can be passed between the two domains in both directions. Some two-way relationships can be either nontransitive or transitive depending on the type of trust being created. All domain trusts in an Active Directory forest are two-way, transitive trusts. When a new child domain is created, a two-way, transitive trust is automatically created between the new child domain and the parent domain. (technet)

SOFTapp Engineer nodig

When performing step 9, you need an engineer from SoftApp distribution that enters data.

 

  1. On the local domain controller, go to Active Directory Domains and Trusts and do a right-click on your domain controller FQDN to select properties. 
     


  2. Go to the Trusts tab and select New Trust ... 
     

  3. Click next to start the wizard. 


  4. Specify here the DNS name of softapp-distribution.com 
     


  5. Select Forest Trust with softapp-distribution.com 
     


  6. Log in with an account with sufficient permissions in your forest (Administrator)

  7. Select Two-way . 
     


  8. Use the wizard to create the trust in both locations (your environment and that of VO365) 
     


  9. Make sure you have an engineer from SoftApp distribution who can log in to the domain of VO365 ( maarten@softapp-distribution.com / +31638038682). You now need to log in with the data from the external domain. In this case, that is VO365. 
     


  10. Select Forest-wide authentication for both:

    1. Outgoing Trust Authentication Level - Local Forest

    2. Outgoing Trust Authentication Level - Specified Forest

     


  11. End the wizard by clicking next .

  12. After successful creation, click Next to confirm the outgoing and incoming trust. 
      


  13. After the successful creation of the trust you should see the next page. 
     

After setting up a cross forest name resolution, a bidirectional forest trust must be created. With the bidirectional forest trust, users from the customer's domain can authenticate themselves in the VO365 environment.