Microsoft Certifications

Planning and Implementing an Active Directory Infrastructure: Exam 70-294 – Part 1

Understanding Trust Relationships

A trust relationship is a logical link between two domains or forests. One domain is the trusting domain: it trusts the other domain and allows that domain access to its resources. The other is the trusted domain, which accesses resources in the trusting domain. The trust enables the trusting domain to authenticate logon requests from the trusted domain.

Trust relationships can be implicit (created automatically) or explicit (created manually). In Windows Server 2003, trust relationships are bidirectional and transitive, unlike Windows NT 4.0 trust relationships, which were unidirectional and non-transitive. A transitive trust relationship means that if forest A contains two domains, B and C, and there are trust relationships A-B and A-C, then domains B and C also trust each other automatically. A bidirectional trust relationship means that if domain A trusts domain B, then domain B also trusts domain A.
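The following added example (not part of the original study guide) computes which domains each domain ends up trusting once direction and transitivity are applied, so the forest A/B/C case above can be compared with an NT 4.0-style layout. The function name `effective_trusts`, the tuple layout and the sample trust lists are assumptions made for illustration; the model covers direction and transitivity only.

```python
from collections import defaultdict

def effective_trusts(trusts):
    """trusts: iterable of (trusting, trusted, transitive, two_way).
    Returns {domain: set of domains whose logons it will honour}."""
    direct = defaultdict(set)  # every configured link: trusting -> trusted
    chain = defaultdict(set)   # transitive links only; usable in multi-hop paths
    for trusting, trusted, transitive, two_way in trusts:
        pairs = [(trusting, trusted)]
        if two_way:
            pairs.append((trusted, trusting))
        for a, b in pairs:
            direct[a].add(b)
            if transitive:
                chain[a].add(b)

    domains = set(direct) | {d for s in direct.values() for d in s}
    result = {}
    for start in domains:
        # A non-transitive link counts for its two endpoints only,
        # so only transitive links are followed past the first hop.
        reached = set(chain[start])
        stack = list(reached)
        while stack:
            node = stack.pop()
            for nxt in chain[node]:
                if nxt != start and nxt not in reached:
                    reached.add(nxt)
                    stack.append(nxt)
        result[start] = (direct[start] | reached) - {start}
    return result

# Constructed sample data: the forest A with domains B and C from the text
# (two-way, transitive trusts A-B and A-C).
FOREST_2003 = [("A", "B", True, True), ("A", "C", True, True)]

# Constructed sample data: NT 4.0-style one-way, non-transitive trusts
# (B trusts A, A trusts C).
NT4_STYLE = [("B", "A", False, False), ("A", "C", False, False)]

if __name__ == "__main__":
    for name, trusts in (("2003 forest", FOREST_2003), ("NT 4.0 style", NT4_STYLE)):
        print(name)
        for domain, trusted in sorted(effective_trusts(trusts).items()):
            print(f"  {domain} trusts {sorted(trusted)}")
```

Running the same function over an exported list of real trusts shows which domains can authenticate into a given domain without any direct trust being configured, which is the set to review when assessing exposure.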

Windows Server 2003 uses the Kerberos protocol by default to authenticate applications and users between trusted domains. It also supports the NTLM protocol. Windows Server 2003 supports two implicit trust relationships called Tree-root trust and Parent