  • Status: Solved
  • Priority: Medium
  • Security: Public

Question on transitive trust

Transitive trust exists when all domain controllers share the same root. Or when you choose to add your domain controller to be part of the existing forest (when you first set up AD).

Now the questions.

Say I have a domain called "dissolved.com" with users Bob, Sally and Tom.
I have a child called "software.dissolved.com" with users Ryan, Matt and Dan.

1. Do changes replicate in between the 2 domains? Or are they considered separate?
2. Can Ryan, from the software.dissolved.com domain, log into the dissolved.com domain?
3. Can Bob, from the dissolved.com domain, log into the software.dissolved.com domain?


Thanks
dissolved
cfairley Commented:
1.  If you are making changes to user accounts, then it's separate.  A global catalog will make a note of most changes so that if it is needed by another domain, it will query the global catalog.

2.  No, unless he has an account on that domain.  That does not mean that a domain controller in the dissolved domain cannot authenticate him.  When he logs on, he will have to make sure that his domain is selected in the domain drop-down list.

3.  Same as above.

If you need deeper answers, please do so.
 
cfairley Commented:
Here is a nice link to how replication works.  It even explains the various AD partitions and how they are replicated.  Very good stuff to know.  Enjoy!

http://www.eu.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/ntopt11.mspx
 
dissolved (Author) Commented:
Ok, so even if transitive trust exists... you STILL need to have a username in the domain you are trying to log into.
Is that correct?

Thanks for link. Will read it at work tomorrow!
 
cfairley Commented:
Yes, you are correct.  Just to clarify if needed.  Say you have a domain in NY and another in CA.  A CA user will be able to travel to NY and log on and work.  The CA user will make sure that CA domain is selected and not NY domain.  Although he could log on, he is not considered a member of the NY domain.  Additionally, you can grant him access to resources in the NY domain.  You can even make him a domain admin in the NY domain.
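
The thread's point that a trust only lets a user authenticate, while access in the other domain has to be granted explicitly, can be audited from group membership. The following is an added example, not part of the original thread: the function name `Get-CrossDomainMember` is hypothetical and the member list is constructed. It lists the members of a group that belong to a different domain than the group itself; the built-in Administrators group is used because it is a domain local group, which can hold members from other domains.

```powershell
# Added example, not from the thread. Flags group members whose account lives
# in a different domain than the group. Works on the DNs stored in the group's
# 'member' attribute, so it can be run offline on exported data.
function Get-CrossDomainMember {
    param(
        [Parameter(Mandatory)] [string]   $GroupDomainDN,  # DN of the group's own domain
        [Parameter(Mandatory)] [string[]] $MemberDN        # values of the 'member' attribute
    )
    foreach ($dn in $MemberDN) {
        # The domain of an object is the run of DC= components in its DN.
        # Split on commas that are not backslash-escaped inside a name.
        $domainDN = ($dn -split '(?<!\\),' |
                     ForEach-Object { $_.Trim() } |
                     Where-Object   { $_ -match '^DC=' }) -join ','
        # Accounts from outside the forest appear as SID-named placeholder
        # objects under CN=ForeignSecurityPrincipals of the local domain.
        $isFsp = $dn -match ',CN=ForeignSecurityPrincipals,'
        if ($isFsp -or $domainDN -ne $GroupDomainDN) {
            [pscustomobject]@{
                Member = $dn
                Kind   = if ($isFsp) { 'ForeignSecurityPrincipal' } else { 'Other domain in forest' }
                Domain = if ($isFsp) { 'outside the forest' } else { $domainDN }
            }
        }
    }
}

# Constructed sample: 'member' values of Administrators in software.dissolved.com.
# The SID in the last entry is made up.
$sample = @(
    'CN=Ryan,CN=Users,DC=software,DC=dissolved,DC=com',
    'CN=Bob,CN=Users,DC=dissolved,DC=com',
    'CN=S-1-5-21-1111111111-2222222222-3333333333-1105,CN=ForeignSecurityPrincipals,DC=software,DC=dissolved,DC=com'
)
Get-CrossDomainMember -GroupDomainDN 'DC=software,DC=dissolved,DC=com' -MemberDN $sample |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# $d = Get-ADDomain -Server 'software.dissolved.com'
# $g = Get-ADGroup -Identity 'Administrators' -Server $d.DNSRoot -Properties member
# Get-CrossDomainMember -GroupDomainDN $d.DistinguishedName -MemberDN $g.member
```

Ryan is not reported because his account is in the group's own domain; Bob and the foreign security principal are, since each was granted rights in a domain that is not their own.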