Implicit Trusts ----- The trust relationship is established automatically.
Explicit Trusts ----- The trust relationship has to be built manually, e.g. NT to Win2k or Forest to Forest.
Transitive ----- If A <-> B <-> C then A <-> C
Non-Transitive ----- If A <-> B <-> C then A is not trusting C
One way ----- One side
Two way ----- Two sides
Windows Server 2003 Active Directory supports the following types of trust relationships:
Tree-root trust ----- Tree-root trust relationships are
automatically established when you add a new tree root domain to an existing
forest. This trust relationship is transitive and two-way.
Parent-child trust ----- Parent-child trust relationships are
automatically established when you add a new child domain to an existing tree.
This trust relationship is also transitive and two-way.
Shortcut trust ----- Shortcut trusts are trust relationships
that are manually created by systems administrators. These trusts can be
defined between any two domains in a forest, generally for the purpose of
improving user logon and resource access performance. Shortcut trusts can be
especially useful in situations where users in one domain often need to access
resources in another, but a long path of transitive trusts separates the two
domains. Often referred to as cross-link trusts, shortcut trust relationships
are transitive and can be configured as one-way or two-way as needs dictate.
Realm trust ----- Realm trusts are manually created by
systems administrators between a non-Windows Kerberos realm and a Windows
Server 2003 Active Directory domain. This type of trust relationship provides
cross-platform interoperability with security services in any Kerberos version
5 realms, such as a UNIX implementation. Realm trusts can be either transitive
or nontransitive, and one-way or two-way as needs dictate.
External trust ----- External trusts are manually created by
systems administrators between Active Directory domains that are in different
forests, or between a Windows Server 2003 Active Directory domain and a Windows
NT 4.0 domain. These trust relationships provide backward compatibility with
Windows NT 4.0 environments, and communication with domains located in other
forests that are not configured to use forest trusts. External trusts are
nontransitive and can be configured as either one-way or two-way as needs
dictate.
Forest trust ----- Forest trusts are trust relationships that are manually created by systems
administrators between forest root domains in two separate forests. If a forest
trust relationship is two-way, it effectively allows authentication requests
from users in one forest to reach another, and for users in either forest to
access resources in both. Forest trust relationships are
transitive between two forests only and can be configured as
either one-way or two-way as needs dictate.
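The transitivity and direction rules above can be checked mechanically when reviewing which domains can reach which resources. The following is an added example, not part of the original notes: a simplified model of those rules only, with constructed domain names (corp.example, partner.example, vendor.example, LEGACY). Realm trusts are left out because they can be configured either way.

```python
from collections import deque

# Trust kinds from the list above: (transitive?, is a forest trust?)
KINDS = {
    "tree-root": (True, False), "parent-child": (True, False),
    "shortcut": (True, False), "external": (False, False),
    "forest": (True, True),
}

def build(trusts):
    """trusts: (trusting, trusted, kind, two_way). Returns trusting -> [(trusted, kind)]."""
    graph = {}
    for trusting, trusted, kind, two_way in trusts:
        graph.setdefault(trusting, []).append((trusted, kind))
        if two_way:
            graph.setdefault(trusted, []).append((trusting, kind))
    return graph

def can_access(graph, user_domain, resource_domain):
    """True if accounts in user_domain can be authenticated to resource_domain."""
    if user_domain == resource_domain:
        return True
    # A direct trust of any kind works for its own two domains.
    if any(d == user_domain for d, _ in graph.get(resource_domain, [])):
        return True
    # Otherwise walk from the trusting side over transitive trusts only,
    # crossing at most one forest trust ("transitive between two forests only").
    start = (resource_domain, 0)
    seen, queue = {start}, deque([start])
    while queue:
        domain, forest_hops = queue.popleft()
        for trusted, kind in graph.get(domain, []):
            transitive, is_forest = KINDS[kind]
            hops = forest_hops + is_forest
            if not transitive or hops > 1:
                continue
            if trusted == user_domain:
                return True
            if (trusted, hops) not in seen:
                seen.add((trusted, hops))
                queue.append((trusted, hops))
    return False

# Constructed sample: three forests plus an NT 4.0 domain trusted one-way.
SAMPLE = build([
    ("corp.example", "eu.corp.example", "parent-child", True),
    ("corp.example", "partner.example", "forest", True),
    ("partner.example", "vendor.example", "forest", True),
    ("eu.corp.example", "LEGACY", "external", False),
])
```

In this model an external trust grants access only to the one trusting domain, and two forest trusts never chain into a third forest, which is why both are commonly used to limit how far a compromise in a partner environment can reach.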