Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Directory Trusts

Published byHenry Jacobs Modified over 5 years ago

Similar presentations

Presentation on theme: "Active Directory Trusts"— Presentation transcript:

1 Active Directory Trusts
2.4 Plan Active Directory Active Directory Trusts TestOut Server Pro 2016: Identity

2 Section Skill Overview
Create a shortcut trust. TestOut Server Pro 2016: Identity

3 Key Terms Transitivity TestOut Server Pro 2016: Identity

4 Key Definitions External: External trusts provide access to resources located on a Windows NT 4.0 domain or a domain located in a forest that is not joined by a forest trust. External trusts are non-transitive and use NT LAN Manager authentication (NTLM) protocols. Realm: Realm trusts form a trust relationship between a non- Windows Kerberos realm and a Windows Server 2008 or later domain. Realm trusts can be transitive or non-transitive and use Kerberos. TestOut Server Pro 2016: Identity

5 Key Definitions Transitivity: Transitivity defines whether trust between domains flows or is inherited to other trusted domains. TestOut Server Pro 2016: Identity

6 Trusts Trusts allow users to access resources in another domain.
I need access to your share Share User Domain Corp Domain ACME TestOut Server Pro 2016: Identity

7 Domain Corp trusts Domain ACME
Trusts allow users to access resources in another domain. Trust options include: One-way or two-way Domain Corp trusts Domain ACME Share User Domain Corp Domain ACME TestOut Server Pro 2016: Identity

8 Domain Corp trusts Domain ACME
Trusts allow users to access resources in another domain. Trust options include: One-way or two-way Incoming or outgoing Transitive and nontransitive Domain Corp trusts Domain ACME Outgoing Trust Incoming Trust Share User Domain Corp Domain ACME TestOut Server Pro 2016: Identity

9 Trusts Trusts allow users to access resources in another domain
Trust options include One-way or two-way Incoming or outgoing Transitive Nontransitive A trusts B and C Domain C Domain A Domain B B trusts C A trusts B Domain C Domain A Domain B B trusts C TestOut Server Pro 2016: Identity

10 Types of Trusts Automatic Cross-forest External Realm Shortcut
TestOut Server Pro 2016: Identity

11 Automatic Transitive Trusts
CorpNet.com Forest CorpNet.com NetCorp.com West.CorpNet.com Two-way Transitive Created when a new domain is added to a domain tree or forest root domain. TestOut Server Pro 2016: Identity

12 Cross-Forest Trusts Are manual trusts created between two forests.
Must have a forest functional levels of Windows 2003 or higher. Forest A Forest C A C B.A D.C TestOut Server Pro 2016: Identity

13 Active Directory Trusts
Are manual trusts created between two forests. Must have a forest functional levels of Windows 2003 or higher. Are nontransitive. No trust between domains A and C A B.A Forest A B Forest B C C.A Forest C A trusts B B trusts C TestOut Server Pro 2016: Identity

14 Cross-Forest Trust Authentication
Forest-wide: Permits unrestricted access by any users in the specified forest to all available shared resources. Enabled by default. Selective: Allows selected users and groups in remote forest to access resources in local forest. Must assign the Allowed to Authenticate right. TestOut Server Pro 2016: Identity

15 Cross-Forest Trust Domain names are added to the Name Suffix Routing List at the creation of the trust. Domain names are removed to exempt a trust. New domains added after the trust creation must be added manually to the routing list. TestOut Server Pro 2016: Identity

16 External and Realm Trusts
External Trust A nontransitive trust between domains in different forests Forest A Forest C A C B.A D.C TestOut Server Pro 2016: Identity

17 External and Realm Trusts
External Trust A nontransitive trust between domains in different forests Realm Trust A nontransitive trust between an Active Directory domain and a Kerberos V5 realm. TestOut Server Pro 2016: Identity

18 Active Directory Trusts
Forest A A transitive trust between domains in the tree or forest. Used to shorten the trust path. Not required to traverse multiple trusts. A B.A C.B.A D.A E.D.A Shortcut Trust TestOut Server Pro 2016: Identity

19 Summary Trust Types Automatic Cross-forest External Realm Shortcut
TestOut Server Pro 2016: Identity

20 In-Class Practice Do the following labs: 2.4.8 Create a Shortcut Trust
TestOut Server Pro 2016: Identity

21 Class Discussion What advantages does selective authentication provide to system administrators for securing resources in a forest? TestOut Server Pro 2016: Identity

22 Class Discussion When should you use a realm trust?
TestOut Server Pro 2016: Identity

Download ppt "Active Directory Trusts"

Similar presentations

Active Directory: Beyond The Basics

Active Directory: Beyond The Basics
Windows Server 2003 建立網域間之信任關係

Windows Server 2003 建立網域間之信任關係
Module 3: Configuring Active Directory Objects and Trusts.

Module 3: Configuring Active Directory Objects and Trusts.
Introduction to Active Directory

Introduction to Active Directory
11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.

11 WORKING WITH GROUPS Chapter 7. Chapter 7: WORKING WITH GROUPS2 CHAPTER OVERVIEW  Understand the functions of groups and how to use them.  Understand.
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
Active Directory Implementation Class 4

Active Directory Implementation Class 4
Chapter 4: Active Directory Design and Security Concepts

Chapter 4: Active Directory Design and Security Concepts
ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS

ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Understand Active Directory Infrastructure

Understand Active Directory Infrastructure
6.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts.

6.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 6: Administering User Accounts.
Designing Active Directory for Security

Designing Active Directory for Security
Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries.

Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 5: Active Directory Logical Design.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 5: Active Directory Logical Design.
8.1 © 2004 Pearson Education, Inc. Exam 70-297 Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 8: Planning.

8.1 © 2004 Pearson Education, Inc. Exam Designing a Microsoft ® Windows ® Server 2003 Active Directory and Network Infrastructure Lesson 8: Planning.
Configuring Active Directory Objects and Trusts

Configuring Active Directory Objects and Trusts
Module 3: Configuring Active Directory Objects and Trusts.

Module 3: Configuring Active Directory Objects and Trusts.
Implementing Active Directory Lesson 2. Skills Matrix Technology SkillObjective DomainObjective # Installing a New Active Directory Forest Configure a.

Implementing Active Directory Lesson 2. Skills Matrix Technology SkillObjective DomainObjective # Installing a New Active Directory Forest Configure a.
Secure Networking Windows 2000 Distributed Security Services Sandeep Joshi Group 4.

Secure Networking Windows 2000 Distributed Security Services Sandeep Joshi Group 4.

Similar presentations

Ads by Google