Professional Documents
Culture Documents
Active Directory Trusts
Active Directory Trusts
4
PLAN ACTIVE
DIRECTORY
Active
Directory
Trusts
I need access
to your share
Share User
Domain Corp
TESTOUT SERVER PRO 2016: Domain ACME
IDENTITY
Trusts
Trusts allow users to access resources in another domain.
Trust options include:
One-way or two-way
Share User
Domain Corp
TESTOUT SERVER PRO 2016: Domain ACME
IDENTITY
Trusts
Trusts allow users to access resources in another domain.
Trust options include:
One-way or two-way
Incoming or outgoing
Transitive and nontransitive
Domain Corp trusts Domain ACME
Outgoing Incoming
Trust Trust
Share User
Domain Corp
TESTOUT SERVER PRO 2016: Domain ACME
IDENTITY
Trusts
Trusts allow users to access resources in another domain
Trust options include
One-way or two-way
Incoming or outgoing
Transitive A trusts B B trusts C
Nontransitive and C
A trusts B B trusts C
West.CorpNet.com
TESTOUT SERVER PRO 2016:
IDENTITY
Cross-Forest Trusts
Are manual trusts created between two forests.
Must have a forest functional levels of Windows 2003 or higher.
Forest A Forest C
A C
B.A D.C
A B C
B.A C.A
TESTOUT SERVER PRO 2016:
IDENTITY
Cross-Forest Trust Authentication
Forest-wide:
Permits unrestricted access by any users in the specified forest to all
available shared resources.
Enabled by default.
Selective:
Allows selected users and groups in remote forest to access resources
in local forest.
Must assign the Allowed to Authenticate right.
A C
B.A D.C
B.A D.A
Shortcut Trust
C.B.A E.D.A
TESTOUT SERVER PRO 2016:
IDENTITY
Summary
Trust Types
Automatic
Cross-forest
External
Realm
Shortcut