Trust Relation Types in Windows 2003 and 2008 Server

By WireINPUT -
Parent-child trust
This trust is implicitly created when we add a new child domain to a tree. This trust is a two-way and transitive in nature.
Tree-root Trust
This trust is implicitly established when we add a new tree root domain to a forest. This trust is two-way and transitive in nature.
Shortcut Trust
This trust is created to improve user logon times between two domains in a forest. This trust is created explicitly, transitive and can be one-way or two-way.
As you can see in the above diagram, one-way trust is created from techpeoples.net to asia.microsoft.com so that users in asia.microsoft.com can logon to techpeoples.net domain, but not vice-versa. In other scenario, two way trusts is created between usa.techpeoples.net and europe.microsoft.com so that users in each domain can logon to other domain, two-way trust.

External Trust
External trust is created between two different forests or between a Windows Server 2003 domain and Windows NT 4 domain. This trust is explicitly created, non-transitive in nature and can be one-way or two-way.
 

As you can see in the above diagram, one-way trust is created from techpeoples.net to asia.microsoft.com so that users in asia.microsoft.com can logon to techpeoples.net domain, but not vice-versa. In other scenario, two way trusts is created between usa.techpeoples.net and europe.microsoft.com so that users in each domain can logon to other domain, two-way trust.

Realm Trust
Realm trust is created between a Windows Server 2008 and non-windows Kerberos realm. This trust us explicitly created, non-transitive and can be one-way or two-way.
Forest Trust
 Forest trust is created between two forest root domains. Trust is explicitly transitive in nature and can be one-way or two-way.

 
As you can see in the above diagram, a two-way trust is created between two different forests.

Comments

Post a Comment

Popular posts from this blog

VMware PSOD Purple Screen of Death - Debugger waiting (world 2078) -- no port for remote debugger. "Escape" for local debugger

By WireINPUT -
Image
How to deal with PSOD - VMware PSOD Purple Screen of Death - Debugger waiting (world 2078) -- no port for remote debugger. "Escape" for local debugger - Easy troubleshooting steps and how to identify or determine exact root cause of the PSOD issue Host is down with PSOD with the above said error. Verified BIOS settings, worked with on site engineer, contacted the IBM server support (since this is IBM server, have contacted IBM, if it is IBM or some other hardware, you may need to reach out the respective vendor) Sometimes it could be server hardware issue like DIMMs, CPU, Processor related or may be a chance of network related. Please have a through check on the above said and come to a conclusion what could the issue. Based on that, need to troubleshoot the issue.
Read more

The Windows Time Service terminated with the following error - Event ID 7023 & 46

By nag -
After you upgrade a Microsoft Windows Server 2003-based domain controller to Windows Server 2003 Service Pack 1 (SP1), the Windows Time service may not start. In this scenario, the following events may be logged in the Windows System log. Message 1 Event Type: Error Event Source: Service Control Manager Event Category: None Event ID: 7023 Description: The Windows Time service terminated with the following error: Not all privileges referenced are assigned to the caller. For more information, see Help and Support Center at http://support.microsoft.com. Message 2 Event Type: Error Event Source: W32Time Event Category: None Event ID: 46 Description: The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started. Additionally, when you try to start the Windows Time service manually, you may receive one of the following error messages: Error 1083: The executable program that this servic
Read more

IBM x3650 M4 Series Server Model - Activation Keys Backup to be taken for IMM Moduel II, why?

By WireINPUT -
Image
If you are planning to replace the system board (Mother Board) for M4 series of IBM xSeries 3650 model server, you should and must take the activation keys backup, otherwise you will miss the IMM key. IMM key something like iLO Activation key on HP servers. If that  iLO key didn't acivated, then you won't get the 'Remote Access' option. In the same way, IBM series requires a key to be activated to access the IMM console. IMM Activation to be backuped and restore once the new board get replaced. Here is the screenshot there you see more options what we discussed so far -
Read more