Note: New terminology for AD 2003-2008/R2 domains
Trusted domain: outgoing trust
Trusting domain: incoming trust

Tip: TechNet ref: Routing name suffixes across forests:

Tip: TechNet ref: How Domain and Forest Trust Works:

Tip: TechNet ref: AD DS Domains and Forests Trust Tools and Settings:

Tip: Configuring (enabling/disabling) SID filtering settings (aka quarantined mode):

Tip: Configuring Selective Authentication:

Tip: Configuring Firewall for Trust relationship:

Between all DCs in domain A and all DCs in domain B (or between the 2 PDCs only), allow:

Port           Protocol    Service
53             TCP/UDP     DNS
88             TCP/UDP     Kerberos
389            TCP/UDP     LDAP
445            TCP         SMB
135            TCP         RPC port mapper
49152-65535    TCP         RPC Dynamic
137/138        TCP         NetBIOS netlogon and browsing
139            TCP         NetBIOS session
636            TCP         LDAP (SSL)

Common Troubleshooting tools:

Dnslint, netdiag, dcdiag, ping, nbtstat, pathping, netmon, MPSreports

To verify a trust using a command line

1. Open a command prompt. To open a command prompt, click Start, click Run, type cmd, and then click OK.

2. Type the following command, and then press ENTER:

netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
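
To tie the firewall port list to the verification step, the following PowerShell script is an added example, not part of the original page: it probes the listed TCP ports on the remote DCs and then runs the netdom command above. The host and domain names are placeholders, Test-TcpPort is a hypothetical helper name, and netdom is assumed to be installed on the machine running it.

```powershell
# Added example: placeholder names below are assumptions, replace with your own.
param(
    [string[]]$RemoteDCs      = @('dc01.domainb.example'),
    [string]  $TrustingDomain = 'domainA.example',
    [string]  $TrustedDomain  = 'domainB.example',
    [int]     $TimeoutMs      = 2000
)

# TCP entries from the port list above. UDP cannot be confirmed with a connect
# test, and the dynamic RPC range is negotiated via 135, so neither is probed.
$TcpPorts = @(
    @{ Port = 53;  Service = 'DNS' }
    @{ Port = 88;  Service = 'Kerberos' }
    @{ Port = 135; Service = 'RPC port mapper' }
    @{ Port = 139; Service = 'NetBIOS session' }
    @{ Port = 389; Service = 'LDAP' }
    @{ Port = 445; Service = 'SMB' }
    @{ Port = 636; Service = 'LDAP (SSL)' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet cannot hang the check.
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false   # refused, unreachable, or name did not resolve
    } finally {
        $client.Close()
    }
}

$results = foreach ($dc in $RemoteDCs) {
    foreach ($p in $TcpPorts) {
        [pscustomobject]@{
            DC = $dc; Port = $p.Port; Service = $p.Service
            Open = Test-TcpPort -ComputerName $dc -Port $p.Port -TimeoutMs $TimeoutMs
        }
    }
}
$results | Format-Table -AutoSize

# Run the page's verification command; compare any failure with the table above.
netdom trust $TrustingDomain "/d:$TrustedDomain" /verify
```

Run it from a DC in each domain so both directions are checked. Port 636 only answers when the remote DC has a certificate installed for LDAP over SSL, so a closed result there does not always point at the firewall.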