Solved

Trust Between a Forest Domain and a Child From Another Domain

Posted on 2011-09-08
5
499 Views
Last Modified: 2012-05-12
Hi everyone,

We have a scenario as follows:
We have Forest A with Domain A and Child Domain B
We have another Forest 1 with Domain 1

We are considering adding a two way trust between Domain 1 and Child Domain B. My question is, would that trust allow for Domain 1 and Domain A to also trust each other?
0
Comment
Question by:Rachel Flewelling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 13

Expert Comment

by:khairil
ID: 36504262
Hi,

You can specify which domain to trust when creating forest level trust, here is some info and how to do to create cross forest trust, http://searchwindowsserver.techtarget.com/tip/How-to-create-a-cross-forest-trust-in-Active-Directory
0
 
LVL 2

Author Comment

by:Rachel Flewelling
ID: 36504448
Thanks but this is more of a question about how the transitivity of the trust we are considering will work. We know how to make the trust but need to be sure on if the parent domain will be able to use that trust as well.
0
 
LVL 13

Expert Comment

by:khairil
ID: 36504780
When you do Forest level integration, the parent domain automatically trust other parent domain in different forest.

That is what we already experienced when having forest level integration between our main campus Forest with already established Forest on our dental campus (they starts with different forest/domain name). Both side users can easily authenticate on their respective domain in order to use each campuses wireless facilities.
0
 
LVL 2

Accepted Solution

by:
Rachel Flewelling earned 0 total points
ID: 36524455
I opened a ticket with Microsoft, hopefully this can help others that may ask similar questions one day. Here is there take:

As I understand, you would like to know if domain1 will trust domain A after adding a two way trust between domain1 and child domain B.

If I have misunderstood your concern, please let me know.

After you establish a two-way trust relationship between domain B and domain 1, the two domains can trust each other. However, domain 1 and domain A cannot trust each other since they do not establish trust relationship. Although domain B is a child domain of domain A, there is no trust relationship between forest A and forest 1 which has no transitive. So, domain 1 won’t trust domain A even though child B trust domain 1.
 

I would like to provide some trust related KB article for you and hope they’ll be helpful for you. Your time is highly appreciated.

Trust Technologies Trust Technologies
URL: http://technet.microsoft.com/en-us/library/cc759554(WS.10).aspx 

How Domain and Forest Trusts Work
URL: http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx 

If anything is unclear in my email, please feel free to contact me.

Thanks.
0
 
LVL 2

Author Closing Comment

by:Rachel Flewelling
ID: 36553476
Ticket opened with Microsoft. Correct answer provided by them.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question