domain trust issue
Hi All,
I have a two different forest: a.com is 2008 level and b.com is 2003 level, and there is another b.com.sg is sub-domain of b.com
I add a external dual trust between a.com and b.com.
In my opinion, the a.com should not trust b.com.cn because external is not transmitted ?
but I found the truth is on the contrary ? user in b.com.cn can reach a.com as long as proper credential.
also, I tried to establish external trust between a.com and b.com.cn, and then the sys pops up the trust has been already exist.
anyone could adv ? is my understanding wrong ?
August 9th, 2012 8:44am
Hi,
First of all Forest trust can be created between two forest root domains. They can give you complete two-way trust relationships with every domain in each forest.
So if you create forest trust each and every domains in the forest can trust each other.
What are you trying to achieve? If you explain us better we can help you with proper solutions and suggestions.
Forest trusts: Active Directory
technet.microsoft.com/en-us/library/cc755700(v=ws.10).aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2012 9:49am
Hi,
First of all Forest trust can be created between two forest root domains. They can give you complete two-way trust relationships with every domain in each forest.
So if you create forest trust each and every domains in the forest can trust each other.
What are you trying to achieve? If you explain us better we can help you with proper solutions and suggestions.
Forest trusts: Active Directory
technet.microsoft.com/en-us/library/cc755700(v=ws.10).aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
August 9th, 2012 9:57am
In my opinion, the a.com should not trust b.com.cn because external is not transmitted ?
If it is a two way trust relationship then both domains trust the other. However, if this is a one way trust relationship then if the trust relationship is from A to B then the resource access is from B to A.
but I found the truth is on the contrary ? user in b.com.cn can reach a.com as long as proper credential.
That depends of the user permissions and the trust relationship (one way or two ways).
also, I tried to establish external trust between a.com and b.com.cn, and then the sys pops up the trust has been already exist.
anyone could adv ? is my understanding wrong ?
If the trust was already created then you can validate it or delete it. If you want that both forests trust each other then delete the current trust and replace it by a forest way.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2012 10:05am
Hi iamrafic & X
tks for your post
actually, my question is about the trust transitivity.
a.com trust b.com, b.com trust c.com, if transmit is no, then a.com did not trust c.com, Is that correct ?
but why a.com trust b.com.cn ? Does this rule not apply in parent trust ?
so the truth is : the transmit is
implict 'yes' as long as trust relationship are dual way, though the GUI show ' no '
I guess I may review the trust lesson then T_T
August 9th, 2012 10:57am
a.com trust b.com, b.com trust c.com, if transmit is no, then a.com did not trust c.com, Is that correct ?Yes, there is no transitivity here and A doe snot trust C.
but why a.com trust b.com.cn ? Does this rule not apply in parent trust ?
If A and B are in the same forest and B is the child of B then this is a trust relationship which is created by default.
so the truth is : the transmit is
implict 'yes' as long as trust relationship are dual way, though the GUI show ' no '
I guess I may review the trust lesson then T_T
I recommend reading that: http://technet.microsoft.com/en-us/library/cc736874%28v=ws.10%29
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
Free Windows Admin Tool Kit Click here and download it now
August 9th, 2012 11:00am
a.com trust b.com, b.com trust c.com, if transmit is no, then a.com did not trust c.com, Is that correct ?Yes, there is no transitivity here and A doe snot trust C.
but why a.com trust b.com.cn ? Does this rule not apply in parent trust ?
If A and B are in the same forest and B is the child of B then this is a trust relationship which is created by default.
so the truth is : the transmit is
implict 'yes' as long as trust relationship are dual way, though the GUI show ' no '
I guess I may review the trust lesson then T_T
I recommend reading that: http://technet.microsoft.com/en-us/library/cc736874%28v=ws.10%29
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner 2010 / 2011
Microsoft
Certified Professional
Microsoft
Certified Systems Administrator: Security
Microsoft
Certified Systems Engineer: Security
Microsoft
Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
August 9th, 2012 11:08am
Hi,
strengthen my trust knowledge then
tks u guys ... ^_^
Free Windows Admin Tool Kit Click here and download it now
August 12th, 2012 9:04pm