Note: New terminology for AD2003-2008/r2 Domains
Trusted domain: outgoing trust
Trusting domain: incoming trust

Tip: Technet ref: Routing name suffixes across forests:

http://technet.microsoft.com/en-us/library/cc784334%28WS.10%29.aspx

Tip: Technet ref: How Domain and Forest Trust Works:
http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx

Tip: Technet ref: AD DS Domains and Forests Trust Tools and Settings:

http://technet.microsoft.com/en-us/library/cc756944(WS.10).aspx

Tip: Configuring (enabling/disabling) SID filtering settings (aka quarantined mode):
http://technet.microsoft.com/en-us/library/cc772633(WS.10).aspx

Tip: Configuring Selective Authentication:
http://technet.microsoft.com/en-us/library/cc755844(WS.10).aspx

Tip: Configuring Firewall for Trust relationship:

between all DCs on domain A and all DCs on domain B (or between the 2 PDCs only), allow

53           TCP/UDP         DNS

88           TCP/UDP         Kerberos

389         TCP/UDP         LDAP

445         TCP                 SMB

135          TCP                RPC port mapper

49152-65535/TCP       RPC Dynamic

137/138          TCP                Netbios netlogon and browsing

139         TCP                 Netbios session

636         TCP                 LDAP (SSL)

ICMP

Reference: https://support.microsoft.com/en-us/kb/179442

Common Troubleshooting tools:

Dnslint, netdiag, dcdiag, ping, nbtstat, pathping, netmon, MPSreports

To verify a trust using a command line

http://technet.microsoft.com/en-us/library/cc753821.aspx

1. Open a command prompt. To open a command prompt, click Start, click Run, type cmd, and then click OK.

2. Type the following command, and then press ENTER:

netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify