Sunday, June 15, 2008

ActiveDirectory: Trust

the trusting domain and the trusted domain

One-way trust

The users or computers in the trusted domain can access resources in the trusting domain.

For the diagram above, we have the following summary:

When you create a trust from the Account Domain (trusted), the type of trust will be "incoming trust".

When you create a trust from the Resource Domain (Trusting), the type of trust will be "outgoing trust".

Remember that Direction of Trust is the opposite to Direction of Access.

Scenario 1:

Users in the sales.wingtiptoys.com domain want to access resources in the Kerberos realm.

Sales.wingtiptoys.com domain is the Windows Server 2003 domain. When you create a trust by Active Directory Domain and Trust utility, you should select

On the Trust Type page, click Realm trust

On the Direction of Trust page, click One-way: incoming

===

For this trust to function, the administrator of the realm must complete the trust, using his or her administrative credentials and the exact same trust password that was used during this procedure.

--outgoing trust