asked on

Question on transitive trust

Transitive trust exists when all domain controllers share the same root. Or when you choose to add your domain controller to be part of the existing forest (when you first set up AD)

Now the questions.

Say I have a domain called "dissolved.com" with users Bob, Sally and Tom
I have a child called "software.dissolved.com" with users Ryan, Matt and Dan

1. Do changes replicate in between the 2 domains? Or are they considered seperate?
2. Can Ryan , from the software.dissolved.com domain, log into the dissolved.com domain?
3. Can Bob , from the dissolved.com domain, log into the software.dissolved.com domain?

Thanks

cfairley

1. If you are making changes to user accounts, then it's separate. A global catalog will make a not of most changes so that if it is need by another domain, it will query the global catalog.

2. No, unless he has an account on that domain. That does not mean that a domain controller in the dissolved domain cannot autenticate him. When he logs on, he will have to make sure that his domain is selected in the domain drop down list.

3. Same as above.

If you need deeper answers, please do so.

cfairley

Here is a nice link to how replication works. It even explains the various AD partitions and how they are replicated. Very good stuff to know. Enjoy!

http://www.eu.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/ntopt11.mspx

dissolved

ASKER

Ok, so even if transitive trust exists...you STILL need to have a username in the domain you are trying to log into.
Is that correct?

Thanks for link. Will read it at work tomorrow!

ASKER CERTIFIED SOLUTION

cfairley

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial