dissolved
asked on
AD installation questions
During setup of active directory, you have a few options. One is to be the root of a forest
"Domain Controller for a new domain" -click this for making childs, new domains or new forests
"Additional domain controller" - this will just be a "backup" so to speak
"Create a new domain tree" - ie: dissolved.com
"Create a child domain in an existing tree" - ie: software.dissolved.com ?
"Create a New forest" - this makes it a separate entity all together
"join an existing forest" - transitive trust is made automatically between the two domain trees. Users from domain A, can be authenticated in domain B
Is this correct?
"Domain Controller for a new domain" -click this for making childs, new domains or new forests
"Additional domain controller" - this will just be a "backup" so to speak
"Create a new domain tree" - ie: dissolved.com
"Create a child domain in an existing tree" - ie: software.dissolved.com ?
"Create a New forest" - this makes it a separate entity all together
"join an existing forest" - transitive trust is made automatically between the two domain trees. Users from domain A, can be authenticated in domain B
Is this correct?
elbereth21
I hope you are not doing this for a test at school, but, since it seems you have understood all the basics by yourself, this does not seem to be against the rules of the site. And yes, what you say is correct.
As a side note, you might find these e-books useful http://www.netpro.com/ebook/index.cfm
ASKER
N no definitely not doing this for school. I am out of school and getting old lol :(
I'm a network admin ,they are just now letting us touch the AD boxes. I spent a plethora of cash getting some software to use at home.
Anyway:
So all of assumptions in my original post were correct???
2 last questions friend:
-My main question is when you choose "JOIN AN EXISTING FOREST." I noticed it makes automatic transitive trust. what does this mean? If im a user named B who resides in DOMAIN B. I can be authenticated in DOMAIN A correct? Even if I dont have a user account in DOMAIN A? Is this what transitive trust measn?
-I've linked two forests together before and made one way trust. I think this means no child domains have trust. Correct?
I'm a network admin ,they are just now letting us touch the AD boxes. I spent a plethora of cash getting some software to use at home.
Anyway:
So all of assumptions in my original post were correct???
2 last questions friend:
-My main question is when you choose "JOIN AN EXISTING FOREST." I noticed it makes automatic transitive trust. what does this mean? If im a user named B who resides in DOMAIN B. I can be authenticated in DOMAIN A correct? Even if I dont have a user account in DOMAIN A? Is this what transitive trust measn?
-I've linked two forests together before and made one way trust. I think this means no child domains have trust. Correct?
Forests share Global Catalogs and AD Schema. With the trust between the Domains, the users can log in to the different domains automatically.
This document has great information about trusts http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd05.mspx
As for your last question; these are the main effects of a one-way trust:
• A user who is logged on to the trusted domain can be authenticated to connect to a resource server in the trusting domain.
• A user can use an account in the trusted domain to log on to the trusted domain from a computer in the trusting domain.
• A user in the trusting domain can list trusted domain security principals and add them to groups and access control lists (ACLs) on resources in the trusting domain.
As for your last question; these are the main effects of a one-way trust:
• A user who is logged on to the trusted domain can be authenticated to connect to a resource server in the trusting domain.
• A user can use an account in the trusted domain to log on to the trusted domain from a computer in the trusting domain.
• A user in the trusting domain can list trusted domain security principals and add them to groups and access control lists (ACLs) on resources in the trusting domain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another link about trees and forest, you might find interesting:http://www-tus.csx.cam.ac.uk/techlink/workshops/active_directory_2/sld001.htm
Sorry for the multiple post, I need to re-arrange my bookmarks, anytime soon.
Sorry for the multiple post, I need to re-arrange my bookmarks, anytime soon.
ASKER
Thanks!
You're always welcome.