Active directory domain and trust



Netmetric Solutions

(Meer Shahanawaz) (Abdullah)

Active Directory is an implementation of LDAP directory services by Microsoft for use in Windows environments. Active Directory allows administrators to assign enterprise-wide policies, deploy programs to many computers, and apply critical updates to an entire organization. An Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects to a large installation with millions of objects.

Active Directory Domain and Trust

Trust

To allow users in one domain to access resources in another, AD uses trust. Trust is automatically produced when domains are created. The forest sets the default boundaries of trust, not the domain, and implicit trust is automatic. As well as two-way transitive trust, AD trusts can be shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests or non-AD domains. AD uses the Kerberos V5 protocol, although NTLM is also supported and web clients use SSL/TLS.

Trusts in Windows 2000 (native mode)

Simply speaking, AD uses trust to allow users in one domain to have access to resources in another domain. Each AD domain has a two-way trust with its parent. The root of every tree has a two-way trust with the Forest Root domain. As a result, every domain in the forest, either explicitly or implicitly, trusts every other domain in the forest. These default trusts cannot be deleted.

A trust relationship describes the user access between two domains; it is either a one-way or a two-way trust.

One way trust - When one domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.


Two way trust - When two domains allow access to users on the other domain.

Trusting domain - The domain that allows access to users on another domain.

Trusted domain - The domain that is trusted; whose users have access to the trusting domain.

Transitive trust - A trust that can extend beyond two domains to other trusted domains in the tree.

Intransitive trust - A one way trust that does not extend beyond two domains.

Explicit trust - A trust that an admin creates. It is not transitive and is one way only.

Cross link trust - An explicit trust between domains in different trees, or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.

Windows 2000 - supports the following types of trusts:

Two way transitive trusts.

One way non transitive trusts.
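To make the direction and transitivity rules above concrete, here is an added Python model (not from the original document) that builds the default two-way transitive parent/child and tree-root trusts, adds one external one-way nontransitive trust, and computes which domains' resources a user from a given domain can be granted access to. The domain names corp.example, sales.example, eu.corp.example and partner.example are constructed sample values.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Trust:
    trusting: str     # domain that grants access to the other domain's users
    trusted: str      # domain whose users gain that access
    two_way: bool     # a two-way trust is two one-way trusts in opposite directions
    transitive: bool  # transitive trusts chain; a nontransitive trust is a single hop

def default_forest_trusts(forest_root, tree_roots, parent_of):
    """Implicit trusts AD creates: tree root <-> forest root and child <-> parent,
    all two-way and transitive (these default trusts cannot be deleted)."""
    trusts = [Trust(forest_root, root, True, True) for root in tree_roots]
    return trusts + [Trust(p, c, True, True) for c, p in parent_of.items()]

def access_edges(trusts):
    """Yield (trusting, trusted, transitive); a two-way trust yields both directions."""
    for t in trusts:
        yield t.trusting, t.trusted, t.transitive
        if t.two_way:
            yield t.trusted, t.trusting, t.transitive

def reachable_domains(trusts, user_domain):
    """Domains whose resources a user from user_domain can be granted access to:
    the first hop may use any trust, every further hop needs a transitive trust."""
    edges = list(access_edges(trusts))
    reachable, queued, queue = set(), {user_domain}, deque([user_domain])
    while queue:
        cur = queue.popleft()
        first_hop = cur == user_domain
        for trusting, trusted, transitive in edges:
            if trusted != cur or trusting == user_domain:
                continue
            if not (first_hop or transitive):
                continue  # a nontransitive trust does not extend past two domains
            reachable.add(trusting)
            if transitive and trusting not in queued:
                queued.add(trusting)
                queue.append(trusting)
    return reachable

# Constructed sample: corp.example is the forest root, sales.example a second tree
# root, eu.corp.example a child domain; partner.example is a non-forest domain.
SAMPLE_TRUSTS = default_forest_trusts(
    "corp.example", ["sales.example"], {"eu.corp.example": "corp.example"}
) + [
    # External trust: corp.example trusts partner.example, one-way and nontransitive.
    Trust("corp.example", "partner.example", two_way=False, transitive=False),
]
```

Users of eu.corp.example reach sales.example through the forest root because both default trusts are transitive, while users of partner.example reach only corp.example and corp.example's users reach partner.example not at all, since the external trust is one-way and nontransitive.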

After creating the trust, the client login screen on any system in either of the two domains will be: