Question on transitive trust

Transitive trust exists when all domain controllers share the same root. Or when you choose to add your domain controller to be part of the existing forest (when you first set up AD)

Now the questions.

Say I have a domain called ""    with users  Bob, Sally and Tom
I have a child called ""   with users  Ryan, Matt and Dan

1. Do changes replicate in between the 2 domains? Or are they considered seperate?
2. Can Ryan , from the domain, log into the domain?
3.  Can Bob , from the domain, log into the domain?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1.  If you are making changes to user accounts, then it's separate.  A global catalog will make a not of most changes so that if it is need by another domain, it will query the global catalog.

2.  No, unless he has an account on that domain.  That does not mean that a domain controller in the dissolved domain cannot autenticate him.  When he logs on, he will have to make sure that his domain is selected in the domain drop down list.

3.  Same as above.

If you need deeper answers, please do so.
Here is a nice link to how replication works.  It even explains the various AD partitions and how they are replicated.  Very good stuff to know.  Enjoy!
dissolvedAuthor Commented:
Ok, so even if transitive trust STILL need to have a username in the domain you are trying to log into.
Is that correct?

Thanks for link. Will read it at work tomorrow!
Yes, you are correct.  Just to clarify if needed.  Say you have a domain in NY and another in CA.  A CA user will be able to travel to NY and log on and work.  The CA user will make sure that CA domain is selected and not NY domain.  Although he could log on, he is not considered a member of the NY domain.  Additionally, you can grant him access to resources in the NY domain.  You can even make him a domain admin in the NY domain.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.