Trust Relationship
Trust means connecting multiple domains. We can provide our resources to the users of other domains, and users can access the resources of other domains.
There are different types of trust :-
1. One-Way trust
It means a domain will access the resources but it will not provide any resource.
2. Two-Way trust
It means both domains can exchange their resources with each other.
3. Transitive trust or Forest trust
It means the trust can be created automatically.
4. Non-Transitive trust or External trust
NOTE: There are also child trust, parent trust, shortcut trust etc.
We create a trust when different companies merge or when we need a new AD for a branch office.
Options in trust
1. Outgoing domain or Trusting domain
It means the domain which can provide resources to other domains.
2. Incoming domain or Trusted domain
It means the domain which can access resources of other domains.
NOTE: Here, the outgoing domain is A.com, which is providing the printer.
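The direction and type terms above can be checked against what a domain stores for each trust. The following is an added example, not part of the original post: it decodes the trustDirection and trustAttributes values of trustedDomain objects and lists the trusts through which users outside the forest can reach local resources. The domain names and sample records are constructed.

```python
# Added example. SAMPLE_TRUSTS is constructed, not exported from a real directory.
# Values use the encoding of the trustedDomain attributes trustDirection and
# trustAttributes, read from the local domain (hypothetically a.example).
INBOUND, OUTBOUND = 0x1, 0x2      # trustDirection bits
NON_TRANSITIVE = 0x01             # trustAttributes bits
FOREST_TRANSITIVE = 0x08
WITHIN_FOREST = 0x20

SAMPLE_TRUSTS = [
    {"name": "branch.a.example", "trustDirection": 3, "trustAttributes": 0x20},
    {"name": "b.example", "trustDirection": 3, "trustAttributes": 0x08},
    {"name": "c.example", "trustDirection": 2, "trustAttributes": 0x00},
    {"name": "d.example", "trustDirection": 1, "trustAttributes": 0x00},
]


def classify(trust):
    """Describe one trust from the local domain's point of view."""
    direction, attrs = trust["trustDirection"], trust["trustAttributes"]
    if attrs & WITHIN_FOREST:
        kind = "intra-forest"     # parent/child, tree-root or shortcut trust
    elif attrs & FOREST_TRANSITIVE:
        kind = "forest"
    else:
        kind = "external"
    return {
        "partner": trust["name"],
        "kind": kind,
        "two_way": direction == (INBOUND | OUTBOUND),
        # Outbound: local domain is the trusting side and provides resources.
        "local_provides_resources": bool(direction & OUTBOUND),
        # Inbound: local domain is the trusted side; its users get access.
        "local_users_get_access": bool(direction & INBOUND),
        # External trusts are non-transitive; the others are transitive
        # unless the NON_TRANSITIVE bit is set.
        "transitive": kind != "external" and not attrs & NON_TRANSITIVE,
    }


def needs_review(trusts):
    """Trusts leaving the forest through which outside users reach local resources."""
    rows = [classify(t) for t in trusts]
    return [(r["partner"], r["kind"], r["transitive"]) for r in rows
            if r["kind"] != "intra-forest" and r["local_provides_resources"]]


if __name__ == "__main__":
    for partner, kind, transitive in needs_review(SAMPLE_TRUSTS):
        print(f"{partner}: {kind} trust, transitive={transitive}")
```

The inbound-only trust to d.example is not listed because the local domain is only the trusted side there and provides no resources.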
To create trust manually :-
Open AD Domains and Trusts -> Domain name -> Properties -> Trust tab -> New Trust -> Give name of another domain
NOTE: If the DNS server is not configured properly, then we have to use the NetBIOS name.
We can create a trust automatically. If we want a new DC, new Domain, new Tree in the Existing Forest, or we want an automatic trust in the new branch office, then we can select the option during installation of AD in the branch office. It will be a transitive trust.
NOTE:
To create trust automatically :-
Select New DC -> New Domain -> New Tree -> Existing Forest
CDC (Child Domain Controller)
It is a new domain in the existing tree and existing forest. We can configure a Child Domain for the branch office where we want a new domain and a new AD, but the parent name should be the same in the entire tree structure. By default there will be a transitive trust. The Active Directory will be different, but there will be partial replication when we create any trust. The Administrator of the child domain will have read-only permission in GCS, but we can add him to the Enterprise Admin group of GCS to give full control in the entire forest, if required. We can configure CDC and ADC for the child domain also.
If we create a grandchild, then we can also create a shortcut trust for direct and faster replication between india.com and church.goa.india.com.
We can create a trust manually if different companies merge, like yahoo.com and usa.com.
We can create a forest trust for the new branch office, like usa.com and india.com.
By default the Administrator of GCS is a member of the Enterprise Admin group in GCS and has full control in the entire forest.
The above diagram is a forest, and india.com, usa.com, yahoo.com are different tree structures.