ONTAP Discussions

two-way domain trust?

I wanted to add Domain B as the trusted domain for Domain A? What steps do I have to go through?


1. Create two way trust in Domain A and then Domain B first in Active Directory Domain, right?

2. Use the following command to create the trust on Cluster:

vserver cifs domain name-mapping-search add -vserver vserver_name -trusted-domains FQDN, ...

3. What is the right command to verify?
4. Is there any commands to show if this is one-way or two-way on Cluster, or have to be on AD?


Please help in details. Thank you!


Re: two-way domain trust?

You don't really need to do anything in ONTAP to configure a two-way trust. ONTAP discovers the trusts on their own. You can see trusts with:

::> cifs domain trusts show 


The domain name-mapping-search command allows you to set preferred trusts:



domain name-mapping commands are also for when you need to map UNIX LDAP users in two different domains. I cover that in TR-4835 on page 54:



Re: two-way domain trust?

As for what kind of trust it is, you can't run a command in ONTAP to see that. You have to see it from AD.

Re: two-way domain trust?

I don’t seethe expected trusts domain by running the command below. Is this due to only one way relationship not two, or no any trusts created at all? I was told trust is already created. So, I am confused.

::> cifs domain trusts show 

 Thank you!

Re: two-way domain trust?

It should discover it. 


If it's not discovering, you can try adding it via the commands you mentioned. Please check the links I posted for more info.


If you're still having issues, you may want to open a support ticket.

Review Banner
All Community Forums