To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created.
The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests or non-AD domains.
Trusts in Windows 2000 (native mode)
- One-way trust: One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.
- Two-way trust: Two domains allow access to users on both domains.
- Trusting domain: The domain that allows access to users from a trusted domain.
- Trusted domain: The domain that is trusted; whose users have access to the trusting domain.
- Transitive trust: A trust that can extend beyond two domains to other trusted domains in the forest.
- Intransitive trust: A one way trust that does not extend beyond two domains.
- Explicit trust: A trust that an admin creates. It is not transitive and is one way only.
- Cross-link trust: An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.
Windows 2000 Server supports the following types of trusts:
- Two-way transitive trusts.
- One-way intransitive trusts.
Additional trusts can be created by administrators. These trusts can be shortcut.
Windows Server 2003 offers a new trust type - the forest root trust. This type of trust can be used to connect Windows Server 2003 forests if they are operating at the 2003 forest functional level. Authentication across this type of trust is Kerberos based (as opposed to NTLM). Forest trusts are also transitive for all the domains in the forests that are trusted. Forest trusts, however, are not transitive.
