A forest trust is a powerful tool when having a trust relationship between all domains in two
separate forests is an advantage. If the need for a trust relationship is limited to just a few
domains in different forests, however, an external trust is required.
External Trusts
An external trust is a one-way or two-way nontransitive trust between two
domains that aren't in the same forest. External trusts are generally used in these circumstances:
- To create a trust between two domains in different forests: If no forest trust exists, an external
  trust can be created to allow users in one domain to access resources in another domain in
  a different forest. If a forest trust does exist, an external trust can still be used to create a
  direct trust relationship between two domains. This option can be more efficient than a forest
  trust when access between domains is frequent, much like a shortcut trust is used in a forest.
- To create a trust with a Windows 2000 or Windows NT domain: You can't create a forest
  trust between a Windows Server 2008 or 2003 forest and a Windows 2000 forest or Windows
  NT domain. An external trust must be used to create the trust relationship between domains.
Realm Trusts
Today's networks are often composed of systems running different OSs, such
as Windows, Linux, UNIX, and Mac OS. A realm trust can be used to integrate users of other
OSs into a Windows Server 2008 domain or forest. It requires the OS to be running the Kerberos
V5 authentication system that Active Directory uses. Kerberos is an open-standard security
protocol used to secure authentication and identification between parties in a network.
Activity 4-8: Configuring Trusts
Time Required: 5 minutes
Objective: Perform the beginning steps of creating a forest trust relationship with a partner.
Description: Before a forest trust can be created, you need more knowledge of DNS and how to
configure additional DNS zones or DNS forwarders. The actual building of the trust is done in
Chapter 10. For now, you explore Active Directory Domains and Trusts to become familiar
with this tool.
1. Log on to your server as Administrator, if necessary.
2. Click Start, point to Administrative Tools, and click Active Directory Domains and Trusts.
3. Right-click the domain node in the left pane and click Properties. Click the Trusts tab,
shown in Figure 4-16.
Figure 4-16: The Trusts tab
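The trusts listed on the Trusts tab in step 3 can also be read from PowerShell, which is useful when reviewing which external, forest, and realm trusts a domain has. The script below is an added example, not part of the original activity: it uses the .NET System.DirectoryServices.ActiveDirectory classes, must be run on a domain-joined computer, and the function name Get-TrustSummary and the descriptions in $chapterTerm are made up for illustration.

```powershell
$ErrorActionPreference = 'Stop'

# Map the .NET TrustType names to the terms used in this chapter (illustrative wording).
$chapterTerm = @{
    External  = 'External trust (nontransitive, domain to domain)'
    Forest    = 'Forest trust (all domains in both forests)'
    Kerberos  = 'Realm trust (Kerberos V5 realm on another OS)'
    CrossLink = 'Shortcut trust (inside one forest)'
}

# Hypothetical helper: returns one object per trust with its type and direction.
function Get-TrustSummary {
    try {
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
        $forest = $domain.Forest
    } catch {
        Write-Warning "No domain available to query: $($_.Exception.Message)"
        return
    }

    # Read trusts from the domain object and from the forest object.
    $trusts = @($domain.GetAllTrustRelationships()) + @($forest.GetAllTrustRelationships())

    foreach ($t in $trusts) {
        $type = $t.TrustType.ToString()
        # TreeRoot and ParentChild are the automatic trusts inside a forest.
        $term = 'Automatic trust inside the forest'
        if ($chapterTerm.ContainsKey($type)) { $term = $chapterTerm[$type] }

        New-Object PSObject -Property @{
            Source      = $t.SourceName
            Target      = $t.TargetName
            Direction   = $t.TrustDirection   # Inbound, Outbound or Bidirectional
            Type        = $type
            ChapterTerm = $term
        } | Select-Object Source, Target, Direction, Type, ChapterTerm
    }
}

Get-TrustSummary | Sort-Object Type, Target | Format-Table -AutoSize
```

On a server with no trusts configured yet, as in this activity, the table is empty.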