Channel: Directory Services forum

required DNS entries for trust


Can someone confirm the following for me?

From reading this article http://technet.microsoft.com/en-us/library/ee307976%28v=ws.10%29.aspx, it looks to me like the only entries needed for a trust are the following, for each domain controller in the trusted domain:

* Service (SRV) resource record (_ldap._tcp.dc._msdcs.<computer account domain>)
* Host (A) resource record
* domain name ("@") IP address record

Specifically, I'm dealing with a one-way non-transitive external trust in a Windows Server 2003 environment, but I'd like to know if it's different for any other kind of trust.

I have to create entries manually in a primary zone because we are using network address translation. I.e. the DNS servers in the trusted domain have different IP addresses in DNS than we will use to access them.

So, if a new domain controller, DC3 (10.0.0.3), was put in service in the trusted domain OtherOrgDomain.local, I would create the following entries in the zone that I created for the trusted organization:

_ldap._tcp.dc._msdcs.OtherOrgDomain.local
(with this command, for example: dnscmd /RecordAdd OtherOrgDomain.local _ldap._tcp.dc._msdcs SRV 0 100 389 DC3.OtherOrgDomain.local.)
DC3 10.0.0.3
@ 10.0.0.3

There are tons of other entries normally created automatically when a new domain is set up (global catalogs, primary domain controller, sites, etc.). None of that is needed, right?

