Home > Flashcards > Computer Science > MCSE

Details Title: MCSE Description: Active Directory Trusts Total Flash Cards: 6 Created: 09/11/2006 12:15:49	To study from this set of flash cards, or to create your own your own study flash cards, register HERE. If you are already a registered user, CLICK HERE.
Cards Term Tree-Root Trust Definition A tree−root trust is implicitly established when you add a new tree root domain to a forest. For example, in Figure 1-14, a tree-root trust is established between Domain A and Domain 1 when Domain 1, a new tree root domain, is added to the forest. The trust is created between the domain you are creating (the new tree root) and the existing forest root domain. A tree-root trust can be set up only between the roots of two trees in the same forest. The trust is transitive and two-way. Term Parent-Child Trust Definition A parent−child trust relationship is implicitly established when you create a new child domain in a tree. For example, in Figure 1-14, a parent- child trust is established between Domain 1 and Domain 2 when Domain 2, a new child domain, is added to the tree. The Active Directory installation process automatically creates a trust relationship between the new domain and the domain that immediately precedes it in the namespace hierarchy (for example, uk.microsoft.com is created as the child of microsoft.com). As a result, a domain joining a tree immediately has trust relationships established with every domain in the tree. These trust relationships make all objects in the domains of the tree available to all other domains in the tree. The trust is transitive and two-way. Term Shortcut Trust Definition A shortcut trust must be explicitly created by a systems administrator between two domains in a forest. This trust is used to improve user logon times, which can be slow when two domains are logically distant from each other in a forest or tree hierarchy. The trust is transitive and can be one-way or two-way. Term External Trust Definition An external trust must be explicitly created by a systems administrator between Windows Server 2003 domains that are in different forests, or between a Windows Server 2003 domain and a domain whose domain controller is running Windows NT 4 or earlier. This trust is used when users need access to resources located in a Windows NT 4 domain or in a domain located within a separate forest, which cannot be joined by a forest trust. The trust is nontransitive and can be one-way or two-way. Term Forest Trust Definition A forest trust must be explicitly created by a systems administrator between two forest root domains. This trust allows all domains in one forest to transitively trust all domains in another forest. A forest trust is not transitive across three or more forests. For example, forest A trusts forest B and forest B trusts forest C. There is no trust relationship between forest A and forest C. The trust is transitive between two forests only and can be one-way or two-way. Forest trusts are only available when the forest is at the Windows Server 2003 functional level. Term Realm trust Definition A realm trust must be explicitly created by a systems administrator between a non–Windows Kerberos realm and a Windows Server 2003 domain. This trust provides interoperability between the Windows Server 2003 domain and any realm used in Kerberos version 5 implementations. The trust can be transitive or nontransitive and one-way or two-way.