Advantages of a Forest Trust over an external trust

Posted on 2007-08-07
Last Modified: 2012-05-05
I've created a one-way external trust between 2 domains that exist in separate forests and it works fine.  It so happens that the domains are the forest root domains in each forest.

What is the advantage of a Forest Trust? I.e., what does it give me that my external trust doesn't now?

Question by:tickleonthetum

Accepted Solution

Toni Uranjek earned 2000 total points
ID: 19644287

External trust does not support Kerberos authentication, only NTLM, and it's not transitive.
Forest trust supports both NTLM and Kerberos authentication and it's partially transitive. It works for all domains in both forests, when forest-wide authentication is enabled.
To create a Forest trust, both forests have to be at FFL 2003 (Forest Functional Level).



Author Comment

ID: 19644437
Thanks Toni.

Expert Comment

by:Suliman Abu Kharroub
ID: 26482976

I have a small question here:

Is the external trust transitive to the child domains (subtree) under the parent domain that I have created the trust on?

Could you help, please?

Expert Comment

by:Toni Uranjek
ID: 26584024
No, external trusts are not transitive or partially transitive.
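
To check which kind of trust is actually in place and how far it reaches, the trustAttributes value on each trustedDomain object can be decoded. This is an added example, not part of the original thread: the function name Get-TrustSummary and the sample records are hypothetical, and the bit values are the ones documented in MS-ADTS.

```powershell
# trustAttributes bits on a trustedDomain object (values per MS-ADTS).
$QUARANTINED_DOMAIN = 0x04   # SID filter quarantine is set on the trust
$FOREST_TRANSITIVE  = 0x08   # set on forest trusts
$CROSS_ORGANIZATION = 0x10   # selective authentication is enabled
$WITHIN_FOREST      = 0x20   # parent-child or tree-root trust inside one forest

# Hypothetical helper: classifies a trust from its trustAttributes value.
function Get-TrustSummary {
    param([Parameter(Mandatory, ValueFromPipeline)] $Trust)
    process {
        $attr = [int]$Trust.trustAttributes
        if ($attr -band $WITHIN_FOREST) {
            $kind = 'Intra-forest'; $scope = 'All domains in the forest'
        } elseif ($attr -band $FOREST_TRANSITIVE) {
            $kind = 'Forest';       $scope = 'Domains of both forests only'
        } else {
            $kind = 'External';     $scope = 'The two named domains only'
        }
        # Selective authentication overrides the default authentication scope.
        if ($attr -band $CROSS_ORGANIZATION) { $auth = 'Selective' }
        elseif ($kind -eq 'Forest')          { $auth = 'Forest-wide' }
        else                                 { $auth = 'Domain-wide' }

        [pscustomobject]@{
            Name                = $Trust.Name
            Kind                = $kind
            ReachesChildDomains = [bool]($attr -band ($FOREST_TRANSITIVE -bor $WITHIN_FOREST))
            Scope               = $scope
            Authentication      = $auth
            Quarantined         = [bool]($attr -band $QUARANTINED_DOMAIN)
        }
    }
}

# Constructed sample records (illustrative names and values, not from a real directory).
# Against a live domain, feed the function from:
#   Get-ADObject -Filter 'objectClass -eq "trustedDomain"' -Properties trustAttributes
$sample = @(
    [pscustomobject]@{ Name = 'partner.example'; trustAttributes = 0x04 }   # external trust
    [pscustomobject]@{ Name = 'corp.example';    trustAttributes = 0x08 }   # forest trust
    [pscustomobject]@{ Name = 'vendor.example';  trustAttributes = 0x18 }   # forest trust, selective auth
)
$sample | Get-TrustSummary | Format-Table -AutoSize
```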
