Some trusts are automatically created.
- Parent and child domains trusts each other.
- Tree root domain trusts forest root domain.
Other trusts are manually created.
Forest – to – Forest transitive trust relationships can be created in Windows Server 2003, 2008 and Windows 2012 Forests only.
Trust Relationships
- Transitive and,
- Non – Transitive Trust
Domain A trusting on Domain B and, Domain B trusting on Domain C and, if Domain A does not automatically trusts Domain C then, it is called Non - Transitive Trust.
Trust Directions:
One way outgoing – HDFC users can login in MICROSOFT domain but, MICROSOFT users cannot login into HDFC domain.
Two ways – Both MICROSOFT and HDFC users can login from either of these domains.
Trust Types:
Default – Two ways trust, Kerberos trusts (Intra Forest)
Shortcut – One or Two way transitive Kerberos trust (Intra Forest) reduces authentication requests.
External – One way non-transitive NTLM trust used to connect to/from Windows NT or external Windows Server 2000 domains. They are manually created.
Forest – One or Two way transitive Kerberos trust. Only between Windows Server 2003, 2008 and 2012 Forest roots. Creates transitive domain relationships.
Realm Trust – One or two way non-transitive Kerberos trusts connect to/from UNIX Kerberos realms.