Windows Server 2003 - Trusts
Home | Editions | Security | Active Directory | Resources | Contents
Get the Book
Major Topics
Editions
Security
Active Directory
Resources
Contents
Other Topics
Up
AD organization
Trusts
Users
Groups
Domain Controllers
FSMO
DNS
Publishing
Schema
More Detail

Memory from Crucial.com


©2004 Team Approach Limited
All rights reserved


NT Trusts

NT trusts are established manually and allow the potential access of resources in one domain by users in another domain. The reverse access in not automatic but can be established in a second trust is defined.

Trusting Resource Domain A   A trusts B Æ Trusted Account Domain B
  means that users from B potentially can access resources in A
  á  B access A

In drawing diagrams of domains and their trusts, we draw the trust as an arrow showing the direction of the trust rather than the opposite direction of the access.

A Æ B
 		 A Æ B Æ C
If A trusts B,
B does not automatically trust A		   If A trust B and B trusts C
A does not automatically trust C
        A Æ Æ Æ C
A Æ
Å		 B   Æ B Æ
2-way trusts require 2 one-way trusts   NT trusts must be defined between every pair of domains and are not transitive

AD Trusts

AD 2-way transitive trusts are automatically created and follow the tree structure of the domain names.  This creates a complete trust environment between all domains. Complete trust does not mean a lack of security.  Security restrictions are established with DACLs.

For interoperability NT trusts can be established with NT domains.