Active Directory provides security across multiple domains and forests by using domain and forest trusts.
In this lesson, you will learn about the various elements of trusts, types of trusts, common scenarios for creating trusts, and how to effectively manage trusts from a security perspective.
After completing this lesson, you will be able to:
■ Describe the various types of trusts in Windows Server 2003.
■ Describe the various authentication methods that can be used with trusts.
■ Describe the types of trusts available for use in various server operating systems.
■ Create a cross-forest trust.
Trusts in Windows Server 2003
Introduction
A trust is a relationship established between domains or forests that enables security principals from one domain to be authenticated by domain controllers in another domain. Trusts allow the credentials of security principals to pass from one domain to another, but a trust does not by itself allow access to resources between domains. Access is controlled by using security descriptors on the resources that need to be accessed.
Types of trusts
The following table describes the trusts supported in Windows Server 2003.

Trust type: Description
Parent/child: Exists between all domains in the forest. This two-way transitive trust allows security principals to be authenticated in any domain in the forest. These trusts are created by default and cannot be removed.
Tree/root: Exists between all domain trees in the forest. This two-way transitive trust allows security principals to be authenticated in any domain in the forest. These trusts are created by default and cannot be removed.
External: Exists between domains that are not part of the forest. These trusts can be one-way or two-way and are non-transitive.
Realm: Exists between a non-Windows-brand operating system domain (referred to as a Kerberos realm) and a Windows Server 2003 domain. These trusts can be one-way or two-way, and can be transitive or non-transitive.
Forest: Exists between forests that are in Windows Server 2003 forest functionality mode. These trusts can be one-way or two-way and can be transitive or non-transitive.
Shortcut: Exists within a Windows Server 2003 forest created to reduce logon times between domains in a forest. This one-way or two-way trust is particularly useful when traversing tree-root trusts, because the trust path to a destination domain is potentially reduced.

Note: To create trusts, use Active Directory Domains and Trusts or Netdom.exe. You cannot create trusts in Windows Small Business Server 2003.
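The direction and transitivity columns of the table determine which domains' principals can be authenticated where. The following added example (not part of the original lesson) models that for a trust inventory review. The domain names and topology are constructed, and the model is simplified to two flags per trust: a direct trust always counts, and a multi-hop path counts only if every hop is transitive.

```python
from collections import deque

# Constructed sample inventory (hypothetical domain names). Each entry is
# (trusting domain, trusted domain, trust type, transitive, two_way).
# The trusting domain holds the resources; the trusted domain holds the accounts.
TRUSTS = [
    ("corp.example", "eu.corp.example", "parent/child", True, True),
    ("corp.example", "us.corp.example", "parent/child", True, True),
    ("eu.corp.example", "partner.test", "external", False, False),
]

def build_edges(trusts):
    """Return {trusting: [(trusted, transitive), ...]}, expanding two-way trusts."""
    edges = {}
    for trusting, trusted, _kind, transitive, two_way in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))
        if two_way:
            edges.setdefault(trusted, []).append((trusting, transitive))
    return edges

def trusted_domains(resource_domain, trusts):
    """Domains whose principals can be authenticated in resource_domain."""
    edges = build_edges(trusts)
    # Any direct trust counts, transitive or not.
    result = {trusted for trusted, _ in edges.get(resource_domain, [])}
    # Beyond one hop, follow transitive trusts only (breadth-first).
    seen = {resource_domain}
    queue = deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusted, transitive in edges.get(current, []):
            if transitive and trusted not in seen:
                seen.add(trusted)
                result.add(trusted)
                queue.append(trusted)
    result.discard(resource_domain)
    return result

def exposure_report(trusts):
    """Map every domain in the inventory to the sorted list of domains it trusts."""
    domains = {d for t in trusts for d in t[:2]}
    return {d: sorted(trusted_domains(d, trusts)) for d in sorted(domains)}

if __name__ == "__main__":
    for domain, accounts_from in exposure_report(TRUSTS).items():
        print(f"{domain} authenticates principals from: {accounts_from}")
```

In this sample the one-way external trust lets partner.test principals be authenticated in eu.corp.example only; because it is non-transitive, it does not extend to the other domains in the forest, and partner.test itself trusts no one.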