Try   HackMD

Windows兩個網域信任之建立

目錄

環境說明

以下為測試環境,測試兩個不同網域進行信任,分別有兩台虛擬機,分為公司A、B,會在B公司建立DFSN。並且會使用Client端測試信任是否成功。

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

兩間公司網域建立信任

建立網域信任我們需要對 DNS Active Directory管理中心進行設定,而基本AD的建立或者設定不多贅述。首先進行DNS的步驟。

新增區域轉送、新增區域

這個步驟兩台機器都相同,筆者以Windows Server 2003R2為例:

1. 首先新增區域轉送,兩台都需要要新增區域轉送(對方IP)

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

2. 新增區域,輸入A公司的網域名稱及其IP

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Active Directory 網域及信任之設定

接下來進行 Active Directory 網域及信任的設定。

請注意,這步驟分成兩種,分別為A和B,可以根據顯示的畫面進行操作。

A

1. 新增信任並且互相指向對方網域,並且兩台都要互相信任,以Windows Server 2022為例

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

2. 接下來測試是否可以從A公司網域中的Client端加入到B公司網域,去找NAS的儲存資料或者DFS儲存空間資料

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

這一步驟若出現錯誤,與SMB有關,請新增相關功能去排除,錯誤如下圖所示。

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

5/9更新
若你的畫面不是呈現如上,請進行下列步驟。
因為是新測試環境,所以有些地方會不同,例如:網域名稱。

B

建立樹系信任

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

建置結果

1.可以看到我在使用A公司Client連入B公司建立之DFSN後,可以正常讀取,而我僅設定讀取,所以在A公司的Client也只能讀取

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

2. DNS設定檢查,我仍然將DNS指向A公司,但處理了新增信任 區域轉送 新增區域 所以我可以取得B公司的信任並進行後續工作事宜。

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

以上為兩個網域建立信任的測試,本次屬於簡單的測試,基本上設定的時候筆者已經預先將問題排除,所以在建立信任的時候沒有將錯誤撰寫至內文。
主要的設定還是依工作環境為準,測試僅供參考以及練習。

感謝您看到這裡,希望這份文件對您會有幫助。

tags: Domain Trust Windows Server Windows AD
Last changed by 
📖 NTUT Electronic Engineering - Group of "Computer Engineering" 🐺 Network/System/Cyber Security
0
1
384

Read more

LAB - TLS版本會不會影響到SMB連線

Server

Apr 30, 2025
攻防LAB:存取Windows C槽之嘗試

內網測試駭入C槽之LAB

Apr 28, 2025
資料結構中「搜尋與排序」的概念、Code以及Demo

「搜尋與排序」簡易版筆記說明,Only 概念以及考試用,實作絕對需要再更深入了解。

Oct 2, 2024
VMware虛擬化環境進行簡易的iSCSI配置-NAS以QNAP為例

作者:蔡霆鋒

May 28, 2024
Read more from 蔡
Published on HackMD