Term
|
Definition
A tree-root trust is implicitly established when you add a new tree root domain to a forest. For example, in Figure 1-14, a tree-root trust is established between Domain A and Domain 1 when Domain 1, a new tree root domain, is added to the forest. The trust is created between the domain you are creating (the new tree root) and the existing forest root domain. A tree-root trust can be set up only between the roots of two trees in the same forest. The trust is transitive and two-way. |
|
|
Term
|
Definition
A parent-child trust relationship is implicitly established when you create a new child domain in a tree. For example, in Figure 1-14, a parent-child trust is established between Domain 1 and Domain 2 when Domain 2, a new child domain, is added to the tree. The Active Directory installation process automatically creates a trust relationship between the new domain and the domain that immediately precedes it in the namespace hierarchy (for example, uk.microsoft.com is created as the child of microsoft.com). As a result, a domain joining a tree immediately has trust relationships established with every domain in the tree. These trust relationships make all objects in the domains of the tree available to all other domains in the tree. The trust is transitive and two-way. |
|
|
Term
|
Definition
A shortcut trust must be explicitly created by a systems administrator between two domains in a forest. This trust is used to improve user logon times, which can be slow when two domains are logically distant from each other in a forest or tree hierarchy. The trust is transitive and can be one-way or two-way. |
|
|
Term
|
Definition
An external trust must be explicitly created by a systems administrator between Windows Server 2003 domains that are in different forests, or between a Windows Server 2003 domain and a domain whose domain controller is running Windows NT 4 or earlier. This trust is used when users need access to resources located in a Windows NT 4 domain or in a domain located within a separate forest, which cannot be joined by a forest trust. The trust is nontransitive and can be one-way or two-way. |
|
|
Term
|
Definition
A forest trust must be explicitly created by a systems administrator between two forest root domains. This trust allows all domains in one forest to transitively trust all domains in another forest. A forest trust is not transitive across three or more forests. For example, forest A trusts forest B and forest B trusts forest C. There is no trust relationship between forest A and forest C. The trust is transitive between two forests only and can be one-way or two-way. Forest trusts are only available when the forest is at the Windows Server 2003 functional level. |
|
|
Term
|
Definition
A realm trust must be explicitly created by a systems administrator between a non–Windows Kerberos realm and a Windows Server 2003 domain. This trust provides interoperability between the Windows Server 2003 domain and any realm used in Kerberos version 5 implementations. The trust can be transitive or nontransitive and one-way or two-way. |
|
|