diff --git a/infra/scenarios/ipa-ad-trust.yml b/infra/scenarios/ipa-ad-trust.yml
new file mode 100644
index 000000000..6e05313e0
--- /dev/null
+++ b/infra/scenarios/ipa-ad-trust.yml
@@ -0,0 +1,54 @@
+# IPA trust to Samba AD DC.
+#
+# Steps to set trust on 'server':
+#   # kinit admin <<< SomeADMINpassword
+#   # ipa dnsforwardzone-add ad.ipa.test. --forwarder=192.168.13.250
+#   # ipa trust-add ad.ipa.test --type ad --range-type ipa-ad-trust --two-way true --admin=Administrator --password <<< Secret123
+#
+# Create samba user on 'addc':
+#   # samba-tool user create jdoe --given-name John --surname Doe
+#
+# Checking user on IPA server:
+#
+#  # getent passwd jdoe@AD.IPA.TEST
+#  # kinit jdoe@AD.IPA.TEST
+#
+---
+lab_name: ipa-ad-trust
+subnet: "192.168.13.0/24"
+extra_data:
+  - playbooks
+external:
+  hosts:
+  - name: addc
+    hostname: dc.ad.ipa.test
+    role: addc
+    ip_address: 192.168.13.250
+    options:
+      forwarder: 192.168.13.100
+ipa_deployments:
+  - name: ipa
+    domain: linux.ipa.test
+    admin_password: SomeADMINpassword
+    dm_password: SomeDMpassword
+    cluster:
+      servers:
+        - name: server
+          capabilities: ["DNS", "AD", "KRA"]
+          ip_address: 192.168.13.100
+          vars:
+            ipaserver_netbios_name: IPA
+            ipaserver_idstart: 60000
+            ipaserver_idmax: 62000
+            ipaserver_rid_base: 63000
+            ipaserver_secondary_rid_base: 70000
+            # trust test vars
+            winserver_domain: ad.ipa.test
+            winserver_admin_password: Secret123
+            winserver_ip: 192.168.13.250
+            # external users vars
+            test_ad_user: 'jdoe@DC'
+            test_alt_user: 'jdoe@ad.ipa.test'
+      clients:
+        - name: cli01
+          dns: server
diff --git a/infra/scenarios/requirements.txt b/infra/scenarios/requirements.txt
new file mode 100644
index 000000000..2b38e799a
--- /dev/null
+++ b/infra/scenarios/requirements.txt
@@ -0,0 +1,2 @@
+ipalab-config>=0.10.2
+podman-compose>=1.2.0