Domain Trust

In a AD Domain and Trust console, I see:
domain name:domain1  trust type: external  transitive: No
domain name:domain2  trust type: Forest  transitive: Yes
domain name:domain3  trust type: Forest  transitive: Yes

Can someone explain to me what they mean.

with domain2 and domain3 it seems like their users will be able to authenticate to our domain (correct me if I am wrong).

but I am not sure about domain1?
 any help will be very much appreciated.

Thanks
jskfanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SandeshdubeySenior Server EngineerCommented:
Transitive trusts: A transitive trust is when a trust can be extended outside of the two domains in which it was created.A domain connected via a transitive trust can thus access any other domain when there is a path of transitive trusts between that domain and the target domain.

Non-transitive trust
A non-transitive trust is a trust that will not extend past the domains it was created with. If domain A was connected to domain B and domain B connected to domain C using non-transitive trusts the following would occur. Domain A and domain B would be able to access each other. Domain B could access domain C. Domain A, however, could not access domain C. Even though the domains are indirectly connected, since the trust is non-transitive the connection will stop once it gets to domain B. In order for domain A and domain C to communicate using non-transitive trust you would need to create another trust between domain A and domain C.

Reference link:http://itfreetraining.com/70-640/active-directory-trusts/

More on trust see below links.
http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc754612.aspx
http://technet.microsoft.com/en-us/library/cc739693(v=ws.10).aspx
0
jskfanAuthor Commented:
I am looking for the following info from our AD domain and Trust.
our AD domain name is domainA.
how do you explain the trust we have with domains listed below:

domain name:domain1  trust type: external  transitive: No
domain name:domain2  trust type: Forest  transitive: Yes
domain name:domain3  trust type: Forest  transitive: Yes

I also am trying to add my accound( domain admin account in domainA) to RDP users group on a computer located in domain2, using computer management, but get access denied.
0
SandeshdubeySenior Server EngineerCommented:
Can you post the trust tab printscreen  form AD domain trust mmc.

Domain Admin rights on a cross-forest domain trust
http://jasonduffett.net/post/5448151233/administering-cross-forest-domains-with-a-single-login

Forest Trust domain admins to manage both domains
http://social.technet.microsoft.com/Forums/windowsserver/en-US/fa4070bd-b09f-4ad2-b628-2624030c0116/forest-trust-domain-admins-to-manage-both-domains
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

jskfanAuthor Commented:
the AD domain I am in is Domain A, and the the Trust tab shows:

domain name:domain1  trust type: external  transitive: No
domain name:domain2  trust type: Forest  transitive: Yes
domain name:domain3  trust type: Forest  transitive: Yes

I had my AD account been added manually to AD in domain2 by the domain admin of domain2.

I can login to any computer in domain2, but I get access denied if I try to add my account to RDP users group local to the computer in domain2.

Cannot figure out the issue.
0
SandeshdubeySenior Server EngineerCommented:
Try this create Domain Local security Group in domain2,Add to Remote desktop user group on local computer.Add the user from other domain(your user id) to this Domain Local security Group and check.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
Administrator drom Domain2 created my account and added it to a group then added that group to local RDP on the server..
it is working now
0
jskfanAuthor Commented:
Thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.