?
Solved

Trust Between a Forest Domain and a Child From Another Domain

Posted on 2011-09-08
5
Medium Priority
?
512 Views
Last Modified: 2012-05-12
Hi everyone,

We have a scenario as follows:
We have Forest A with Domain A and Child Domain B
We have another Forest 1 with Domain 1

We are considering adding a two way trust between Domain 1 and Child Domain B. My question is, would that trust allow for Domain 1 and Domain A to also trust each other?
0
Comment
Question by:Rachel Flewelling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 13

Expert Comment

by:khairil
ID: 36504262
Hi,

You can specify which domain to trust when creating forest level trust, here is some info and how to do to create cross forest trust, http://searchwindowsserver.techtarget.com/tip/How-to-create-a-cross-forest-trust-in-Active-Directory
0
 
LVL 2

Author Comment

by:Rachel Flewelling
ID: 36504448
Thanks but this is more of a question about how the transitivity of the trust we are considering will work. We know how to make the trust but need to be sure on if the parent domain will be able to use that trust as well.
0
 
LVL 13

Expert Comment

by:khairil
ID: 36504780
When you do Forest level integration, the parent domain automatically trust other parent domain in different forest.

That is what we already experienced when having forest level integration between our main campus Forest with already established Forest on our dental campus (they starts with different forest/domain name). Both side users can easily authenticate on their respective domain in order to use each campuses wireless facilities.
0
 
LVL 2

Accepted Solution

by:
Rachel Flewelling earned 0 total points
ID: 36524455
I opened a ticket with Microsoft, hopefully this can help others that may ask similar questions one day. Here is there take:

As I understand, you would like to know if domain1 will trust domain A after adding a two way trust between domain1 and child domain B.

If I have misunderstood your concern, please let me know.

After you establish a two-way trust relationship between domain B and domain 1, the two domains can trust each other. However, domain 1 and domain A cannot trust each other since they do not establish trust relationship. Although domain B is a child domain of domain A, there is no trust relationship between forest A and forest 1 which has no transitive. So, domain 1 won’t trust domain A even though child B trust domain 1.
 

I would like to provide some trust related KB article for you and hope they’ll be helpful for you. Your time is highly appreciated.

Trust Technologies Trust Technologies
URL: http://technet.microsoft.com/en-us/library/cc759554(WS.10).aspx 

How Domain and Forest Trusts Work
URL: http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx 

If anything is unclear in my email, please feel free to contact me.

Thanks.
0
 
LVL 2

Author Closing Comment

by:Rachel Flewelling
ID: 36553476
Ticket opened with Microsoft. Correct answer provided by them.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question