ACTIVE DIRECTORY TRUST
Secure communication paths that allow objects in one domain to be authenticated and accepted in another domain.
Some trusts are automatically created.
- Parent and child domains trust each other.
- Tree root domain trusts forest root domain.
Other trusts are manually created.
Forest-to-Forest transitive trust relationships can be created in Windows Server 2003, 2008 and Windows 2012 forests only.
TRUST RELATIONSHIPS
Trust Category:
- Transitive
- Non-Transitive
If Domain A trusts Domain B and Domain B trusts Domain C, and Domain A therefore automatically trusts Domain C, the trust is called a Transitive Trust.
If Domain A trusts Domain B and Domain B trusts Domain C, but Domain A does not automatically trust Domain C, the trust is called a Non-Transitive Trust.
Trust Directions:
One way incoming – MICROSOFT users can log in to the HDFC domain, but HDFC users cannot log in to the MICROSOFT domain.
One way outgoing – HDFC users can log in to the MICROSOFT domain, but MICROSOFT users cannot log in to the HDFC domain.
Two way – Both MICROSOFT and HDFC users can log in from either of these domains.
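The transitivity and direction rules above, worked as an added example that is not part of the original post: a simplified Python model that answers "which domains accept accounts from domain X", which is the question to ask when reviewing how far one domain's accounts reach. The A to D trust list, the function names, and the rule that a multi-hop path counts only when every hop is transitive are assumptions of this example.

```python
from collections import deque

# Constructed sample trusts (not taken from a real environment).
# Each tuple is (trusting domain, trusted domain, transitive?).
# Accounts from the trusted domain are accepted in the trusting domain.
# A two-way trust is modelled as two tuples, one per direction.
TRUSTS = [
    ("A", "B", True),               # A trusts B, transitive
    ("B", "C", True),               # B trusts C, transitive
    ("C", "D", False),              # C trusts D, non-transitive
    ("HDFC", "MICROSOFT", False),   # one way: MICROSOFT users can log in to HDFC
]


def can_authenticate(trusts, user_domain, resource_domain):
    """Return True if an account from user_domain is accepted in resource_domain."""
    if user_domain == resource_domain:
        return True
    # A direct trust works whether or not it is transitive.
    if any(t == resource_domain and d == user_domain for t, d, _ in trusts):
        return True
    # Beyond one hop, follow trusting -> trusted edges through transitive trusts only.
    seen = {resource_domain}
    queue = deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting != current or not transitive or trusted in seen:
                continue
            if trusted == user_domain:
                return True
            seen.add(trusted)
            queue.append(trusted)
    return False


def accepting_domains(trusts, user_domain):
    """List every other domain that accepts accounts from user_domain."""
    domains = {name for t in trusts for name in t[:2]}
    return sorted(d for d in domains
                  if d != user_domain and can_authenticate(trusts, user_domain, d))


if __name__ == "__main__":
    for domain in ("C", "D", "MICROSOFT", "HDFC"):
        print(domain, "accounts are accepted in:", accepting_domains(TRUSTS, domain))
```

Domain D's accounts stop at C because the C to D trust is non-transitive, while C's accounts reach A through the transitive chain.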
Trust Types:
Default – Two-way Kerberos trust (intra-forest).
Shortcut – One- or two-way transitive Kerberos trust (intra-forest); reduces authentication requests.
External – One-way non-transitive NTLM trust used to connect to/from Windows NT or external Windows Server 2000 domains. These are manually created.
Forest – One- or two-way transitive Kerberos trust. Only between Windows Server 2003, 2008 and 2012 forest roots. Creates transitive domain relationships.
Realm Trust – One- or two-way non-transitive Kerberos trust that connects to/from UNIX Kerberos realms.