Solved

Trust Between a Forest Domain and a Child From Another Domain

Posted on 2011-09-08
5
488 Views
Last Modified: 2012-05-12
Hi everyone,

We have a scenario as follows:
We have Forest A with Domain A and Child Domain B
We have another Forest 1 with Domain 1

We are considering adding a two way trust between Domain 1 and Child Domain B. My question is, would that trust allow for Domain 1 and Domain A to also trust each other?
0
Comment
Question by:prnamessaging
  • 3
  • 2
5 Comments
 
LVL 13

Expert Comment

by:khairil
ID: 36504262
Hi,

You can specify which domain to trust when creating forest level trust, here is some info and how to do to create cross forest trust, http://searchwindowsserver.techtarget.com/tip/How-to-create-a-cross-forest-trust-in-Active-Directory
0
 
LVL 2

Author Comment

by:prnamessaging
ID: 36504448
Thanks but this is more of a question about how the transitivity of the trust we are considering will work. We know how to make the trust but need to be sure on if the parent domain will be able to use that trust as well.
0
 
LVL 13

Expert Comment

by:khairil
ID: 36504780
When you do Forest level integration, the parent domain automatically trust other parent domain in different forest.

That is what we already experienced when having forest level integration between our main campus Forest with already established Forest on our dental campus (they starts with different forest/domain name). Both side users can easily authenticate on their respective domain in order to use each campuses wireless facilities.
0
 
LVL 2

Accepted Solution

by:
prnamessaging earned 0 total points
ID: 36524455
I opened a ticket with Microsoft, hopefully this can help others that may ask similar questions one day. Here is there take:

As I understand, you would like to know if domain1 will trust domain A after adding a two way trust between domain1 and child domain B.

If I have misunderstood your concern, please let me know.

After you establish a two-way trust relationship between domain B and domain 1, the two domains can trust each other. However, domain 1 and domain A cannot trust each other since they do not establish trust relationship. Although domain B is a child domain of domain A, there is no trust relationship between forest A and forest 1 which has no transitive. So, domain 1 won’t trust domain A even though child B trust domain 1.
 

I would like to provide some trust related KB article for you and hope they’ll be helpful for you. Your time is highly appreciated.

Trust Technologies Trust Technologies
URL: http://technet.microsoft.com/en-us/library/cc759554(WS.10).aspx

How Domain and Forest Trusts Work
URL: http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx

If anything is unclear in my email, please feel free to contact me.

Thanks.
0
 
LVL 2

Author Closing Comment

by:prnamessaging
ID: 36553476
Ticket opened with Microsoft. Correct answer provided by them.
0

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now