To access resources in different forests, system administrators must manually configure trust relationships. Windows 2000 supports one-way, non-transitive trusts between domains in different forests. A corresponding trust relationship must be configured for each domain in the other forest. For a two-way trust relationship, you also have to manually configure the other half of the trust.
Windows Server 2003 makes it easier to configure cross-forest trust relationships. This InformIT article examines issues related to trust relationships. In short, for a forest running at the Windows Server 2003 forest functional level, you can configure a two-way transitive trust relationship that covers all of the domains associated with it. For forests at other functional levels, you have to configure explicit trusts as you would in Windows 2000.
Windows Server 2003 introduces the following cross-forest trust types:
- External trust: As in Windows 2000, this is a one-way trust, a single trust relationship established between domains in different forests. The forests can run at any forest functional level. Use this trust if you only want to share resources between two specific domains in different forests. It can also be used between Active Directory domains and Windows NT 4.0 domains.
- Forest trust: As mentioned earlier, a forest trust is a complete trust relationship between all domains in the forests involved, so resources can be shared among all of them. This trust relationship can be one-way or two-way. Both forests must be running at the Windows Server 2003 forest functional level. Forest trusts have the following benefits:
1. They reduce the number of external trusts required for resource sharing and simplify resource management.
2. UPN authentication has a wider scope, and system administrators can separate collaborative authorizations from administrators in other forests.
3. Active Directory replication for each forest is separate. Configuration changes in a forest, such as adding new domains or modifying the schema, affect only the forest in which they are made, not the other forests it has trusts with.
4. They provide more reliable authorization data. Administrators can use both the Kerberos and NTLM authentication protocols when passing authorization data between the forests.
- Realm trust: This is a one-way, non-transitive trust established between an Active Directory domain and a Kerberos V5 realm on UNIX or MIT implementations.
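When auditing existing trusts, the types listed above can be told apart from the trustType, trustAttributes and trustDirection attributes that Active Directory stores on each trustedDomain object. The following is an added example, not part of the original article; the sample records and partner names are constructed.

```python
# Added example: classify Active Directory trustedDomain objects.
# Enum and bit values below are the documented MS-ADTS ones; the
# sample records and their names are constructed for illustration.
DIRECTION = {0: "disabled", 1: "one-way inbound", 2: "one-way outbound", 3: "two-way"}
TYPE_DOWNLEVEL, TYPE_UPLEVEL, TYPE_MIT = 1, 2, 3   # NT 4.0, AD, Kerberos realm
NON_TRANSITIVE = 0x01      # TRUST_ATTRIBUTE_NON_TRANSITIVE
FOREST_TRANSITIVE = 0x08   # TRUST_ATTRIBUTE_FOREST_TRANSITIVE
WITHIN_FOREST = 0x20       # TRUST_ATTRIBUTE_WITHIN_FOREST


def classify_trust(trust_type, trust_attributes, trust_direction):
    """Return (kind, direction, transitive) for one trustedDomain object."""
    direction = DIRECTION.get(trust_direction, "unknown")
    if trust_type == TYPE_MIT:
        # Realm trust: transitivity is whatever the attribute bit says.
        return ("realm", direction, not trust_attributes & NON_TRANSITIVE)
    if trust_type not in (TYPE_DOWNLEVEL, TYPE_UPLEVEL):
        return ("unknown", direction, None)
    if trust_attributes & WITHIN_FOREST:
        # Parent-child or shortcut trust inside one forest, not cross-forest.
        return ("intra-forest", direction, True)
    if trust_type == TYPE_UPLEVEL and trust_attributes & FOREST_TRANSITIVE:
        # Covers every domain in both forests.
        return ("forest", direction, True)
    # Single domain-to-domain link, including links to Windows NT 4.0 domains.
    return ("external", direction, False)


def summarize(records):
    """Map each trust partner (constructed names here) to its classification."""
    return {
        r["name"]: classify_trust(r["trustType"], r["trustAttributes"], r["trustDirection"])
        for r in records
    }


# Constructed sample values, as they would be read from trustedDomain objects.
SAMPLE = [
    {"name": "partner.example", "trustType": 2, "trustAttributes": 0x08, "trustDirection": 3},
    {"name": "sales.vendor.example", "trustType": 2, "trustAttributes": 0x00, "trustDirection": 2},
    {"name": "LEGACYNT", "trustType": 1, "trustAttributes": 0x00, "trustDirection": 1},
    {"name": "UNIX.EXAMPLE", "trustType": 3, "trustAttributes": 0x01, "trustDirection": 2},
]

if __name__ == "__main__":
    for name, result in summarize(SAMPLE).items():
        print(name, result)
```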