Create an Active Directory External Trust with Selective Authentication

30 minutes
  • 5 Learning Objectives

About this Hands-on Lab

This hands-on lab walks through the process of creating an external trust between two Active Directory Domain Services (AD DS) domains with selective authentication.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure Active Directory Users and Groups
  1. Create an Active Directory global group named Developers.
  2. Add the Developer user as a member of the Developers group.
Configure DNS
  1. Create a conditional forwarder on the Barrier Reef Audio domain controller to forward DNS traffic for to the River City AI domain controller.
  2. Create a conditional forwarder in the opposite directory on the River City AI domain controller to forward DNS traffic for to the Barrier Reef Audio domain controller.
  3. Test DNS name resolution in both directions.
Create an External Trust
  1. Create a one-way, outgoing external trust with selective authentication to allow developers in the Barrier Reef Audio domain to access resources in the River City AI domain.
Configure Selective Authentication
  1. Modify the computer account for the River City AI domain controller to configure selective authentication for the Developers group in the Barrier Reef Audio domain to authenticate using the trust and access resources.
Test Access

Using the password from the lab details:

  1. Log on to BRAWKS1, and test access to \ as a developer user ( to ensure access is granted.
  2. Log on to BRAWKS1, and test access to \ as a non-developer user ( to ensure access is not granted.

Additional Resources


You’ve recently been promoted to the role of Azure hybrid administrator at Barrier Reef Audio, a company that focuses on generating text from speech using a range of high-quality audio equipment and machine learning. One of your responsibilities is managing the Active Directory Domain Services environment, which runs on Azure virtual machines.

Barrier Reef Audio has acquired another company, River City AI, that specializes in optimizing speech to text for efficiency and accuracy.

You’ve been tasked with providing the development team at Barrier Reef Audio access to resources in the River City AI network. Contractual requirements mean that you can’t grant unrestricted access to the River City AI environment.

In this lab, you will:

  1. Configure Active Directory users and groups.
  2. Configure DNS forwarding.
  3. Create an external trust with selective authentication.
  4. Configure selective authentication.
  5. Test access.

Lab Setup

In this lab, you will connect to the VMs using Remote Desktop. You won’t need to access the Azure portal.

You will need to use a Remote Desktop client:

If you get stuck, feel free to check out the lab objectives, solution video, or lab guide. Good luck!

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?