Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » forest trust inheritance/transitivity
forest trust inheritance/transitivity [message #160546] Tue, 01 September 2009 06:56 Go to next message
habanera  is currently offline habanera  Germany
Messages: 6
Registered: September 2009
Junior Member
Hello everyone!

Just a simple question:

in an AD 2003 structure there are 3 forests (not domains!!):

forest A has a trust to forest B
forest B has a trust to forest C

What happens between A and C? Is there also a trust over transitivity
or must have create an own trust between A and C?

Many thanks!
Re: forest trust inheritance/transitivity [message #160548 is a reply to message #160546] Tue, 01 September 2009 07:04 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

Björn wrote:
> in an AD 2003 structure there are 3 forests (not domains!!):
>
> forest A has a trust to forest B
> forest B has a trust to forest C
>
> What happens between A and C? Is there also a trust over transitivity
> or must have create an own trust between A and C?

You'll need to create another forest trust between the A and C forest as
there is no forest trust transitivity.

Cheers,
Florian
Re: forest trust inheritance/transitivity [message #160549 is a reply to message #160546] Tue, 01 September 2009 07:07 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Björn,

Then users from B can access A and C and the other ones only B. Also see
"Two Forest Trusts Between Three Windows Server 2003 Forests " in:
http://technet.microsoft.com/en-us/library/cc773178(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello everyone!
>
> Just a simple question:
>
> in an AD 2003 structure there are 3 forests (not domains!!):
>
> forest A has a trust to forest B
> forest B has a trust to forest C
> What happens between A and C? Is there also a trust over transitivity
> or must have create an own trust between A and C?
>
> Many thanks!
>
Re: forest trust inheritance/transitivity [message #160550 is a reply to message #160546] Tue, 01 September 2009 07:07 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Björn,

Forget to answer the question, create a trust between A and C.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello everyone!
>
> Just a simple question:
>
> in an AD 2003 structure there are 3 forests (not domains!!):
>
> forest A has a trust to forest B
> forest B has a trust to forest C
> What happens between A and C? Is there also a trust over transitivity
> or must have create an own trust between A and C?
>
> Many thanks!
>
Re: forest trust inheritance/transitivity [message #160551 is a reply to message #160546] Tue, 01 September 2009 07:12 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Björn" <habanera@gmx.com> wrote in message
news:OTgSXOwKKHA.1252@TK2MSFTNGP04.phx.gbl...
> Hello everyone!
>
> Just a simple question:
>
> in an AD 2003 structure there are 3 forests (not domains!!):
>
> forest A has a trust to forest B
> forest B has a trust to forest C
>
> What happens between A and C? Is there also a trust over transitivity or
> must have create an own trust between A and C?
>
> Many thanks!

Nothing happens between A and C. If they are true separate forests, the only
type of trusts that exist are one way, non-transitive trusts (forest DNS
based trusts or domain to domain NTLM based trusts). This follows the old
NT4 type design model. If you want A to trust C, you will have to
specifically create the trust.

In your scenario:
If A trusts B, B still doesn't trust A until you manually create it.
If B trusts C, C still doesn't rust B until you manually create it.

If you were to setup a complete trust model or a Multi-Master Domain Model,
where all three trust each other (non-transitively) and no resource domains,
the number of trusts you would need with 3 domains:
T = trusts, R = resource domains, D = Domains

T = M * (M - 1) + (R * M )
T = 3 * 2 + (0 * 3)
T = 6

or simply put since you have no resource domains in a multi master model:
T = D * ( D - 1)
T = 3 * 2
T = 6

MOre info and more formulas

NT4 Domain Trust Models
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsNT /AdminTips/Network/WindowsNT4DomainModels.html


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: forest trust inheritance/transitivity [message #160574 is a reply to message #160546] Wed, 02 September 2009 01:15 Go to previous messageGo to next message
habanera  is currently offline habanera  Germany
Messages: 6
Registered: September 2009
Junior Member
Hello!

Many thanks for your answers!
Re: forest trust inheritance/transitivity [message #160587 is a reply to message #160574] Wed, 02 September 2009 06:19 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Björn" <habanera@gmx.com> wrote in message
news:eoon305KKHA.3708@TK2MSFTNGP02.phx.gbl...
> Hello!
>
> Many thanks for your answers!
>


You are welcome!
Previous Topic:Logon as a service
Next Topic:Forest to Forest trust?
Goto Forum:
  


Current Time: Tue Jan 16 10:34:30 MST 2018

Total time taken to generate the page: 0.05281 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software