Setting up a Forest Trust to the NETID domain

Last updated: January 30, 2023
Audience: IT Staff / Technical

The first thing before setting up your forest trust to the NETID domain is submitting your request. You should expect a Windows challenge/response prompt and you should provide your UW NetID and password to that prompt, using the form NETID\username. Once your request is approved, you’ll be contacted by a UW-IT representative who will work with you to get the forest trust relationship established.

To complete this process, you’ll need to have the following:

  • Access to a user account in your local domain/forest that is a member of the Domain Admins or Enterprise Admins group
  • A current personal UW NetID
  • Approximately 15 minutes of free time

How to Set Up a Forest Trust

If you requested a forest trust, the NETID user account corresponding to the UW NetID specified in the trust request will be added to the ‘Incoming Forest Trust Builders’ in the NETID forest.  This will permit you to create the forest trust relationship without directly involving UW-IT.  A UW-IT representative will contact you once this membership is ready.

To create a one-way, outgoing forest trust for both sides of the trust:

  1. Open Active Directory Domains and Trusts.
  2. In the console tree, right-click your domain, and then click Properties.
  3. On the Trusts tab, click New Trust, and then click Next.
  4. On the Trust Name page, type the Domain Name System (DNS) name of the domain to which you want to create a trust, and then click Next.

    For the UW Windows Infrastructure, you’ll enter: netid.washington.edu

  5. On the Trust Type page, click Forest trust, and then click Next.
    • If you do not have this option, then it is possible your domain is not a forest root. Forest trusts can only be created between forest root domains.
  6. On the Direction of Trust page, click One-way: outgoing, and then click Next.
  7. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
  8. On the User Name and Password page, use the following credentials:

    User name:  NETID\<the UW NetID used for the trust request>
    Password: <your UW NetID password>

  9. On the Outgoing Trust Authentication Level–Local Forest page, choose either Forest-wide authentication or Selective authentication, and then click Next.
  10. On the Trust Selections Complete page, review the results, and then click Next.  Windows will create the trust relationship in both your local forest and in the UW Windows Infrastructure.
  11. On the Trust Creation Complete page, review the results, and then click Next.
  12. On the Confirm Outgoing Trust page, click Yes, confirm the outgoing trust, and then supply the appropriate administrative credentials from the specified domain.
  13. On the Completing the New Trust Wizard page, click Finish.

Once you have completed these steps, inform the UW-IT engineer so we know that the process is complete. After that, your trust relationship should be working. You can now utilize NETID user accounts as you would a normal local domain user account.