Trust Between a Forest Domain and a Child From Another Domain

Hi everyone,

We have a scenario as follows:
We have Forest A with Domain A and Child Domain B
We have another Forest 1 with Domain 1

We are considering adding a two way trust between Domain 1 and Child Domain B. My question is, would that trust allow for Domain 1 and Domain A to also trust each other?
LVL 2
Rachel FlewellingAsked:
Who is Participating?
 
Rachel FlewellingConnect With a Mentor Author Commented:
I opened a ticket with Microsoft, hopefully this can help others that may ask similar questions one day. Here is there take:

As I understand, you would like to know if domain1 will trust domain A after adding a two way trust between domain1 and child domain B.

If I have misunderstood your concern, please let me know.

After you establish a two-way trust relationship between domain B and domain 1, the two domains can trust each other. However, domain 1 and domain A cannot trust each other since they do not establish trust relationship. Although domain B is a child domain of domain A, there is no trust relationship between forest A and forest 1 which has no transitive. So, domain 1 won’t trust domain A even though child B trust domain 1.
 

I would like to provide some trust related KB article for you and hope they’ll be helpful for you. Your time is highly appreciated.

Trust Technologies Trust Technologies
URL: http://technet.microsoft.com/en-us/library/cc759554(WS.10).aspx 

How Domain and Forest Trusts Work
URL: http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx 

If anything is unclear in my email, please feel free to contact me.

Thanks.
0
 
khairilCommented:
Hi,

You can specify which domain to trust when creating forest level trust, here is some info and how to do to create cross forest trust, http://searchwindowsserver.techtarget.com/tip/How-to-create-a-cross-forest-trust-in-Active-Directory
0
 
Rachel FlewellingAuthor Commented:
Thanks but this is more of a question about how the transitivity of the trust we are considering will work. We know how to make the trust but need to be sure on if the parent domain will be able to use that trust as well.
0
 
khairilCommented:
When you do Forest level integration, the parent domain automatically trust other parent domain in different forest.

That is what we already experienced when having forest level integration between our main campus Forest with already established Forest on our dental campus (they starts with different forest/domain name). Both side users can easily authenticate on their respective domain in order to use each campuses wireless facilities.
0
 
Rachel FlewellingAuthor Commented:
Ticket opened with Microsoft. Correct answer provided by them.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.