This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 38%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
Hi,
I have got below requirement. need guidance please:
1- Create a separate new forest
2- create trust with old forest
3- old forest polices should be applied to new forest
4- New forest users should not replicate to old forest
need guidance on above points please.
Regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
For your questions:
1- Create a separate new forest
It is no related to the old one, just create the new one.
AD DS Role Installation
DC promotion
For more details you can refer to :
https://video2.skills-academy.com/en-us/windows-server/identity/ad-ds/deploy/install-a-new-windows-server-2012-active-directory-forest--level-200-
2- create trust with old forest
To create a 2 way trust step by step ,you can refer to the following steps:
A, Set up Conditional Forwarders OR Secondary Zone. For step by step ,please refer to :
https://social.technet.microsoft.com/Forums/windowsserver/en-US/9e501d72-5457-421a-b81b-3a1f83ac7b0e/setup-of-trust-relationship-between-2-domains?forum=winservergen
B, Create the trust, you can refer to:
https://video2.skills-academy.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc780479(v=ws.10)
3- old forest polices should be applied to new forest
When a user in domain A logon to the workstations in domain B , and you want the user also policies applied to users ,we need to Enable the "Allow cross-forest User Policy and Roaming User Profiles" policy setting in the old domain .
Policy location: Computer Configuration>Administrative Templates>Group Policy> Allow Cross-Forest User Policy and Roaming User Profiles.
4- New forest users should not replicate to old forest.
We don't need any configuration for it as users will not replicate between forest.
Best Regards,
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,