0

In my lab environment, I'd like to create a trust relation between two Active Directory domains that share a common root. One is home.acme.com and the other is work.acme.com. When I create both domains as separate forests and then use the AD Trust UI flow to create a forest wide two way trust in both domains for forest wide authentication, I get an error

The operation failed. The error is: The specified account already exists.

I'm wondering if I'm getting this error because both domains home.acme.com and work.acme.com contain the same root acme.com yet I created them as separate forests. If so, what flow should I use to create the the two domains? Should I create a domain acme.com and make home.acme.com and work.acme.com subdomains or can I somehow get away with only creating the two domains I'm interested in home.acme.com and work.acme.com.

Thanks! Chris

Christopher King
  • 111
  • 3
  • From https://serverfault.com/questions/565628/windows-sever-2008-r2-trust-issue. I had a computer in work.acme.com named HOME. After deleting that I no longer get that error. – Christopher King May 18 '23 at 01:50
  • we do usually not provide learning materials. Best Practice is always creating subdomains of anykind like Munich.mycompany.local to not get in trouble having the same name anywhere and at this point there will usually no trouble at all – djdomi May 18 '23 at 06:58
  • This shouldn't prevent you from establishing trust. At least, in Windows Server 2003 it did not; similar setup even worked in production. – Nikita Kipriyanov Jun 02 '23 at 08:54

0 Answers0