Advanced Server con02.html Trust Relationships

Trust Relationships

Although small organizations can store accounts and resources in a single domain, large organizations typically establish multiple domains. With multiple domains, accounts usually are stored in one domain and resources in another domain or domains.

Advanced Server directory services provide security across multiple domains through trust relationships. A trust relationship is a link that combines two domains into one administrative unit that can authorize access to resources in both domains.

There are two types of trust relationships:

In a one-way trust relationship, one domain trusts the users in another domain to use its resources. More specifically, one domain trusts the domain controllers in another domain to validate user accounts to use its resources. The resources that become available are in the trusting domain, and the accounts that can use them are in the trusted domain. However, if user accounts located in the trusting domain need to use resources located in the trusted domain, that situation requires a two-way trust relationship.

A two-way trust relationship is composed of two one-way trust relationships in which each domain trusts users in the other domain. Users can log on from computers in either domain to the domain that contains their account. Each domain can have both accounts and resources. Global user accounts and global groups can be used from either domain to grant rights and permissions to resources in either domain. In other words, both domains are trusted domains.

Note

Using resources located in any domain, trusting or otherwise, always is subject to permissions associated with the resources.

For information about resource permissions, see Chapter 5, "Managing Shared Resources and Resource Security."

For information on creating trust relationships, see Administering Trust Relationships.

For additional information on planning and managing trust relationships, see the Windows NT Server Resource Kit.

For information on how to create a trust relationship, see "Adding a Trusting Domain" and "Adding a Trusted Domain" in User Manager for Domains Help.