In order to share resources between two domains, there must be a trust or trusts connecting the two domains. Trusts do not provide access; they only create a pathway to the destination.
- You need both the path to the resource via a trust and permission to access the resource.
- A trust can be transitive or non-transitive.
- Transitive trust:
- Non-transitive trust:
Parent-Child Trust:
By default, every domain within the forest has a two-way transitive trust with the domains directly connected to it (that is, directly above or below it in the hierarchy).
Shortcut Trust:
If two domains communicate with each other on a regular basis, you can create a shortcut trust. This is the same as a transitive trust but is manually created by an administrator to reduce the number of trusts a user needs to traverse to get from one domain to another.
External Trust:
It is the trust between a domain in one forest and a domain in another forest.
Realm Trust:
A realm trust is used to connect Active Directory with a Kerberos V5 realm on a non-Windows system like Unix. In order to create a realm trust, the domain must be at the Windows Server 2003 functional level or higher. These can be transitive or non-transitive, one-way or two-way.
Forest Trust:
A forest trust links two Active Directory forests together. These are created manually by an administrator and are transitive. They essentially work the same as the other trusts except they connect forests together. In order to create this trust, both forests must be at the Windows Server 2003 forest functional level or higher.
Federated Trust:
A cross-forest trust in which the communication takes place across the internet via a web application like SharePoint. A federated trust is implemented using Active Directory Federation Services (AD FS). It is a non-transitive, one-way trust.
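The sketch below is an added example, not code from the original post. It is a simplified model of how a trust path is resolved, covering parent-child, shortcut and external trusts only. It treats a non-transitive trust as usable only between its two endpoints, and all domain names and the `TrustGraph` class are constructed for illustration.

```python
from collections import deque

class TrustGraph:
    """Simplified model: an edge A -> B lets accounts in A be authenticated in B."""

    def __init__(self):
        self.edges = {}  # domain -> [(neighbour, transitive)]

    def add_trust(self, a, b, transitive=True, two_way=True):
        self.edges.setdefault(a, []).append((b, transitive))
        if two_way:
            self.edges.setdefault(b, []).append((a, transitive))

    def trust_path(self, user_domain, resource_domain):
        """Return the shortest chain of domains, or None if no trust path exists."""
        if user_domain == resource_domain:
            return [user_domain]
        queue, seen = deque([[user_domain]]), {user_domain}
        while queue:
            path = queue.popleft()
            for nxt, transitive in self.edges.get(path[-1], []):
                if not transitive:
                    # A non-transitive trust covers only its two endpoints.
                    if len(path) == 1 and nxt == resource_domain:
                        return path + [nxt]
                    continue
                if nxt == resource_domain:
                    return path + [nxt]
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return None

def can_access(graph, user, user_domain, resource_domain, acl):
    """Access needs both a trust path and an explicit permission on the resource."""
    return graph.trust_path(user_domain, resource_domain) is not None and user in acl

def build_sample():
    """Constructed forest: root, two children, two grandchildren, one partner domain."""
    g = TrustGraph()
    for parent, child in [("corp.example", "emea.corp.example"),
                          ("corp.example", "apac.corp.example"),
                          ("emea.corp.example", "sales.emea.corp.example"),
                          ("apac.corp.example", "dev.apac.corp.example")]:
        g.add_trust(parent, child)  # parent-child: two-way, transitive
    # External trust: one-way, non-transitive (emea accounts -> partner resources).
    g.add_trust("emea.corp.example", "partner.example", transitive=False, two_way=False)
    return g
```

Calling `add_trust("sales.emea.corp.example", "dev.apac.corp.example")` on the sample graph models a shortcut trust: the chain between the two grandchild domains drops from four trusts to one, while the external trust still reaches only the two domains it directly connects.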
OVERVIEW OF TRUST