Active Directory Trusts and Types


Trusts:- Active Directory uses trusts to allow users in one domain to access resources in another. Communication between domains occurs through trusts, which are authentication pipelines that must be present for users in one domain to access resources in another domain.

Trusts inside a forest are automatically created when domains are created.

Types of Trusts:-

Tree-root Trust--Windows 2003 automatically creates a transitive, two-way trust when you add a new tree-root domain to an existing forest. Tree-root trusts let every domain in different trees in the same forest implicitly trust one another.





Parent-child Trust--Windows 2003 automatically creates a transitive, two-way trust when you add a child domain to an existing domain. This trust lets every domain in a particular tree implicitly trust one another.

Shortcut Trust--When domains that authenticate users are logically distant from one another, the process of logging on to the network can take a long time. You can manually add a shortcut trust between two domains in the same forest to speed authentication. Shortcut trusts are transitive and can either be one way or two way.




External Trust--Administrators can manually create an external trust between domains in different forests. External trusts are nontransitive and can be one way or two way.







Forest Trust--When two forests have a functional level of Windows 2003, you can use a forest trust to join the forests at the root. You can manually create a two-way forest trust that lets all domains in both forests transitively trust each other. Forest trusts can also be one way, in which case the domains in only one of the forests would trust the domains in the other forest. Multiple forest trusts aren't transitive. Therefore, if forest A has a forest trust to forest B and forest B has a forest trust to forest C, forest A does not implicitly trust forest C.

Realm Trust--An administrator can manually create a realm trust between a Windows 2003 domain and a non-Windows realm. Realm trusts can be transitive or nontransitive and one way or two way.
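
The transitivity rules above can be checked mechanically when auditing which domains' accounts a resource domain will accept. The following is an added example, not part of the original post: the domain names, the tuple layout and the trusted_by function are constructed for illustration, and realm trusts are left out because their transitivity is set per trust.

```python
from collections import deque

def trusted_by(resource_domain, trusts):
    """Return the domains whose users resource_domain will authenticate.

    trusts: iterable of (trusting, trusted, kind, two_way), where kind is
    'tree-root', 'parent-child', 'shortcut', 'forest' or 'external'.
    """
    edges = {}
    for trusting, trusted, kind, two_way in trusts:
        edges.setdefault(trusting, []).append((trusted, kind))
        if two_way:  # a two-way trust is one trust in each direction
            edges.setdefault(trusted, []).append((trusting, kind))

    # External trusts are nontransitive: they count only as a single direct hop.
    reached = {d for d, kind in edges.get(resource_domain, []) if kind == "external"}

    # Intra-forest trusts chain freely; a path may cross at most ONE forest
    # trust, so forest A -> B -> C never makes A trust C.
    seen = {(resource_domain, False)}
    queue = deque(seen)
    while queue:
        domain, crossed_forest = queue.popleft()
        for nxt, kind in edges.get(domain, []):
            if kind == "external" or (kind == "forest" and crossed_forest):
                continue
            state = (nxt, crossed_forest or kind == "forest")
            if state not in seen:
                seen.add(state)
                reached.add(nxt)
                queue.append(state)
    reached.discard(resource_domain)
    return reached

# Constructed sample: forests A, B and C joined A<->B and B<->C, plus a
# one-way external trust from child.a.example to ext.example.
SAMPLE_TRUSTS = [
    ("child.a.example", "a.example", "parent-child", True),
    ("a.example", "b.example", "forest", True),
    ("b.example", "c.example", "forest", True),
    ("child.a.example", "ext.example", "external", False),
]

if __name__ == "__main__":
    for dom in ("a.example", "child.a.example", "b.example", "ext.example"):
        print(dom, "accepts users from", sorted(trusted_by(dom, SAMPLE_TRUSTS)))
```

In the sample, c.example never appears in the result for a.example or child.a.example, and ext.example is accepted only by the one domain that holds the external trust.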
