• Status: Solved

AD installation questions

During setup of Active Directory, you have a few options. One is to be the root of a forest.

"Domain Controller for a new domain" - click this for making child domains, new domains or new forests
"Additional domain controller" - this will just be a "backup" so to speak


"Create a new domain tree" - i.e.: dissolved.com
"Create a child domain in an existing tree" - i.e.: software.dissolved.com ?



"Create a new forest" - this makes it a separate entity altogether
"Join an existing forest" - transitive trust is made automatically between the two domain trees. Users from domain A can be authenticated in domain B

Is this correct?
0
dissolved
Asked:
1 Solution
 
elbereth21 Commented:
I hope you are not doing this for a test at school, but, since it seems you have understood all the basics by yourself, this does not seem to be against the rules of the site. And yes, what you say is correct.
0
 
elbereth21 Commented:
As a side note, you might find these e-books useful http://www.netpro.com/ebook/index.cfm
0
 
dissolved (Author) Commented:
No, definitely not doing this for school. I am out of school and getting old lol :(
I'm a network admin, they are just now letting us touch the AD boxes. I spent a plethora of cash getting some software to use at home.


Anyway:
So all of the assumptions in my original post were correct???


2 last questions friend:

-My main question is when you choose "JOIN AN EXISTING FOREST." I noticed it makes automatic transitive trust. What does this mean? If I'm a user named B who resides in DOMAIN B, I can be authenticated in DOMAIN A, correct? Even if I don't have a user account in DOMAIN A? Is this what transitive trust means?

-I've linked two forests together before and made one way trust. I think this means no child domains have trust. Correct?
0
 
elbereth21 Commented:
Forests share Global Catalogs and AD Schema. With the trust between the Domains, the users can log in to the different domains automatically.
0
 
elbereth21 Commented:
This document has great information about trusts http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd05.mspx

As for your last question; these are the main effects of a one-way trust:
• A user who is logged on to the trusted domain can be authenticated to connect to a resource server in the trusting domain.
• A user can use an account in the trusted domain to log on to the trusted domain from a computer in the trusting domain.
• A user in the trusting domain can list trusted domain security principals and add them to groups and access control lists (ACLs) on resources in the trusting domain.
0
 
elbereth21 Commented:
Oh, sorry, I forgot to specify that yes: since the one-way trust is not transitive, there is no trust relationship between the child domains.
Hope it helps, Elbereth21
0
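Added example (not part of any post in this thread): a small Python model of the trust behaviour discussed above, showing automatic transitive trusts inside a forest next to a one-way, non-transitive trust between two forests. The domains `tree2.test`, `example.test` and `sub.example.test`, and the function `can_authenticate`, are constructed for illustration; only `dissolved.com` and `software.dissolved.com` come from the question. The model covers authentication only, since access to a resource still depends on its ACLs.

```python
from collections import deque

def two_way(a, b, transitive):
    """A two-way trust is two one-way trusts, one in each direction."""
    return [(a, b, transitive), (b, a, transitive)]

# Each entry is (trusting_domain, trusted_domain, transitive).
# Accounts from the trusted domain can be authenticated in the trusting domain.
TRUSTS = (
    # Forest 1: parent-child and tree-root trusts are two-way and transitive.
    two_way("dissolved.com", "software.dissolved.com", True)
    + two_way("dissolved.com", "tree2.test", True)        # constructed second tree
    # Forest 2 (constructed): its own parent-child trust.
    + two_way("example.test", "sub.example.test", True)
    # Manual one-way, non-transitive trust: dissolved.com trusts example.test.
    + [("dissolved.com", "example.test", False)]
)

def can_authenticate(account_domain, resource_domain, trusts=TRUSTS):
    """True if an account from account_domain can be authenticated in resource_domain."""
    if account_domain == resource_domain:
        return True
    edges = {}
    for trusting, trusted, transitive in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))
    # A direct trust always works, transitive or not.
    if any(trusted == account_domain for trusted, _ in edges.get(resource_domain, [])):
        return True
    # Longer paths are valid only if every hop is a transitive trust.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusted, transitive in edges.get(current, []):
            if not transitive or trusted in seen:
                continue
            if trusted == account_domain:
                return True
            seen.add(trusted)
            queue.append(trusted)
    return False

if __name__ == "__main__":
    for acct, res in [("software.dissolved.com", "tree2.test"),
                      ("example.test", "dissolved.com"),
                      ("dissolved.com", "example.test"),
                      ("sub.example.test", "dissolved.com")]:
        print(f"{acct} account -> {res}: {can_authenticate(acct, res)}")
```
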
 
elbereth21 Commented:
Another link about trees and forests you might find interesting: http://www-tus.csx.cam.ac.uk/techlink/workshops/active_directory_2/sld001.htm
Sorry for the multiple posts, I need to re-arrange my bookmarks, anytime soon.
0
 
dissolved (Author) Commented:
Thanks!
0
 
elbereth21 Commented:
You're always welcome.
0
