Hi Everyone,

1. What is the mechanism of Trust relationship?
2. Is it based on PDC Emulator role?
3. Does PDC Emulator only handle trust relationship with NT 4.0 Domain but not with 2000 Domain?
4. Can any Domain controller handle any trust relationship to other Domain?

Thanks
March 25th, 2008 6:18am
Hello Roy,

1. What is the mechanism of Trust relationship?

Trust between two domains, two forests or two realms enables the authentications coming from the other domains, forests, or realms. A number of components help form the trust architecture, such as authentication protocols (Kerberos, NTLM), the Net Logon service, the Local Security Authority (LSA), and the Trusted Domain Objects (TDOs) stored in Active Directory.

The trust relationships that we can view in Active Directory Domains and Trusts are represented by Trusted Domain Objects (TDOs) stored in the System container within its domain. For a domain trust, attributes such as the DNS domain name, domain SID, trust type, trust transitivity, and the reciprocal domain name are represented in the TDO.

Illustration about Trust Components and their relationship:
http://technet2.microsoft.com/QueryWS/GetOpenContent.aspx?assetID=883f3cec-0a1c-41a9-bc1e-28f5f9372ad6&DocumentSet=en-US&RenderKey=XML

2. Is it based on PDC Emulator role? Does PDC Emulator only handle trust relationship with NT 4.0 Domain but not with 2000 Domain?

Trust relationship is domain-based. You may find some articles about resetting TDO sharing password on the PDC emulator role of the domain. It doesn't mean the TDO is based on the PDC Emulator role; it is just because the PDC role can perform urgent replication while changing an object password.

3. Can any Domain controller handle any trust relationship to other Domain?

Yes. With proper credentials provided, a trust relationship can be created or modified on any domain controller of the domain.

For more information about Windows AD DS Trust Technologies, you can refer to:

Domain and Forest Trusts Technical Reference
http://technet2.microsoft.com/windowsserver/en/library/9d688a18-15c7-4d4e-9d34-7a763baa50a11033.mspx

Hope it helps.
March 27th, 2008 2:12pm
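
An added example, not part of either post above: a PowerShell helper that decodes the TDO attributes the answer mentions (partner DNS name, domain SID, trust type, direction, transitivity flags) into a readable audit row. The function name `ConvertTo-TrustSummary`, the sample TDO records and their SIDs are constructed for illustration; the commented query at the end assumes the RSAT ActiveDirectory module is installed.

```powershell
# Enum and bit values as documented by Microsoft for the trustedDomain class
# (trustDirection, trustType, trustAttributes).
$Direction = @{ 0 = 'Disabled'; 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }
$Type      = @{ 1 = 'Downlevel (NT 4.0)'; 2 = 'Uplevel (Active Directory)'
                3 = 'MIT Kerberos realm'; 4 = 'DCE' }
$AttrFlags = @{
    0x01 = 'NON_TRANSITIVE';     0x02 = 'UPLEVEL_ONLY'
    0x04 = 'QUARANTINED_DOMAIN'; 0x08 = 'FOREST_TRANSITIVE'
    0x10 = 'CROSS_ORGANIZATION'; 0x20 = 'WITHIN_FOREST'
    0x40 = 'TREAT_AS_EXTERNAL';  0x80 = 'USES_RC4_ENCRYPTION'
}

function ConvertTo-TrustSummary {
    # Hypothetical helper: turns raw TDO attribute values into an audit row.
    param([Parameter(ValueFromPipeline)] $Tdo)
    process {
        $attrs = [int]$Tdo.trustAttributes
        $flags = foreach ($bit in ($AttrFlags.Keys | Sort-Object)) {
            if ($attrs -band $bit) { $AttrFlags[$bit] }
        }
        [pscustomobject]@{
            Partner      = $Tdo.trustPartner
            NetBIOS      = $Tdo.flatName
            DomainSid    = "$($Tdo.securityIdentifier)"
            Direction    = $Direction[[int]$Tdo.trustDirection]
            Type         = $Type[[int]$Tdo.trustType]
            Attributes   = @($flags) -join ', '
            # QUARANTINED_DOMAIN set means SID filtering is enforced on the trust.
            SidFiltering = [bool]($attrs -band 0x04)
        }
    }
}

# Constructed sample TDO records (not real domains or SIDs).
$sample = @(
    [pscustomobject]@{ trustPartner = 'child.corp.example'; flatName = 'CHILD'
        securityIdentifier = 'S-1-5-21-1111111111-2222222222-3333333333'
        trustDirection = 3; trustType = 2; trustAttributes = 0x20 }
    [pscustomobject]@{ trustPartner = 'LEGACY'; flatName = 'LEGACY'
        securityIdentifier = 'S-1-5-21-4444444444-5555555555-6666666666'
        trustDirection = 2; trustType = 1; trustAttributes = 0x05 }
)
$sample | ConvertTo-TrustSummary | Format-Table -AutoSize

# Against a live domain (TDOs live in the System container):
# Get-ADObject -SearchBase "CN=System,$((Get-ADDomain).DistinguishedName)" `
#   -LDAPFilter '(objectClass=trustedDomain)' -Properties trustPartner,flatName,
#   securityIdentifier,trustDirection,trustType,trustAttributes | ConvertTo-TrustSummary
```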