Active Directory Administration Cookbook

How to do it...

To create a trust on Windows devices or Windows Servers with the Desktop Experience, use the Active Directory Domains and Trusts tool for the domain you (as a resource owner) want to give access to:

  1. Open Active Directory Domains and Trusts (domain.msc).
  2. In the console tree, right-click the domain that you want to allow access to, and then click Properties....
  3. Navigate to the Trusts tab.
  4. Click the New Trust… button.
  5. Run through the New Trust Wizard.
  6. In the Welcome to the New Trust Wizard screen, click Next >.
  7. In the Trust Name screen, type a name for the trust in the Name: field. Then, click Next > when done.
  8. In the Trust Type screen, choose between a Realm trust or a Trust with a Windows domain. For the latter, type the name of the domain, in case it's different to the trust name. Click Next >.
  9. In the Trust Type screen, choose between an External trust or a Forest trust. Click Next >.
  10. In the Direction of Trust screen, choose between a Two-way, One-way: incoming, or One-way: outgoing trust. Click Next >.
  11. In the Sides of Trust screen, choose between creating the trust for this domain only, or both this domain and the specified domain. Click Next >.
  12. In the User Name and Password screen, provide the credentials of an account that has administrative privileges in the Active Directory domain on the other side of the trust. Click Next >.
  13. In the Outgoing Trust Authentication Level - Local Forest and/or Outgoing Trust Authentication Level - Specified Forest screens, choose between Forest-wide authentication and Selective authentication. Click Next >.
  14. In the Trust Selections Complete screen, review the settings, and click Next > to create the trust.
  15. In the Trust Creation Complete screen, click Next >.
  16. In the Confirm Outgoing Trust and/or Confirm Incoming Trust screens, choose between No, do not confirm the outgoing trust and Yes, confirm the outgoing trust. Click Next >.
  17. In the Completing the New Trust Wizard screen, click Finish.

Alternatively, you can use the following command:

netdom.exe trust TrustingDomain.tld /Domain:TrustedDomain.tld /TwoWay /Add

Replace TrustingDomain.tld with the DNS domain name of the Active Directory environment that gives access to its resources, and then replace TrustedDomain.tld with the DNS domain name of the Active Directory environment that gains access to the resources. 

In the preceding example, a two-way trust is created where both Active Directory environments give and gain access to the other Active Directory environment.

It's a recommended practice in Active Directory to remove objects and settings that have no use.

When a trust is no longer needed, it can be deleted. To do so, follow these steps:

  1. Open Active Directory Domains and Trusts.
  2. In the console tree, right-click the domain that you want to allow access to, and then click Properties.
  3. Navigate to the Trusts tab.
  4. From the list of Domains trusted by this domain (outgoing trusts):, or from the list of Domains that trust this domain (incoming trusts):, select the trust that you want to remove.
  5. Click the Remove button next to the corresponding list.
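
Before removing anything, it helps to list the trusts that exist and the wizard choices each one was created with (type, direction, authentication level). The following PowerShell is an added example, not code from the book; it assumes the ActiveDirectory module (RSAT) is installed, and the function name Get-TrustReview and the StaleAfterDays threshold are hypothetical choices made for this example.

```powershell
# Added example (not from the book). Assumes the ActiveDirectory module (RSAT)
# and an account that can read trust objects in the current domain.
Import-Module ActiveDirectory

function Get-TrustReview {
    param(
        # Hypothetical threshold chosen for this example; tune it to your environment.
        [int]$StaleAfterDays = 365
    )
    $cutoff = (Get-Date).AddDays(-$StaleAfterDays)

    # Intra-forest trusts (parent-child, tree-root, shortcut) are skipped:
    # the review targets trusts to other forests, domains and realms.
    Get-ADTrust -Filter * -Properties whenChanged |
        Where-Object { -not $_.IntraForest } |
        ForEach-Object {
            $direction = [string]$_.Direction   # Inbound, Outbound or BiDirectional
            $type = if ([string]$_.TrustType -eq 'MIT') { 'Realm' }
                    elseif ($_.ForestTransitive)        { 'Forest' }
                    else                                { 'External' }
            $scope = if ($type -eq 'Forest') { 'Forest-wide' } else { 'Domain-wide' }
            $auth  = if ($_.SelectiveAuthentication) { 'Selective' } else { $scope }

            # The authentication level is a property of the outgoing (trusting) side.
            $outgoing = $direction -in 'Outbound', 'BiDirectional'

            $notes = @()
            if ($direction -eq 'BiDirectional') {
                $notes += 'Two-way: confirm both directions are still needed'
            }
            if ($outgoing -and -not $_.SelectiveAuthentication) {
                $notes += "$scope authentication on the outgoing side: consider selective authentication"
            }
            if ($_.whenChanged -lt $cutoff) {
                $notes += "Trust object unchanged for $StaleAfterDays+ days: confirm the trust is still in use"
            }

            [pscustomobject]@{
                Trust          = $_.Name
                Type           = $type
                Direction      = $direction
                Authentication = $auth
                Changed        = $_.whenChanged
                Review         = $notes -join '; '
            }
        }
}

Get-TrustReview | Format-Table -AutoSize -Wrap
```

The Review column is a prompt for a manual check with the owner of each trust, not a verdict; a trust that is confirmed unused can then be deleted with the steps above.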