5.3. Group Policy with Cross-Forest Trusts
Windows 2003 domains brought a new trust type to the table, a forest trust (also known as a cross-forest trust). The idea is that if you have multiple, unrelated forests, you can join their root domains with one single trust; then, anytime new domains pop up in either forest, there is an automatically implied trust relationship.
To do this requires a large commitment from all parties involved. All domains must be in at least Windows 2003 Functional mode, and all forests must be in Windows 2003 Functional mode. Only then is it possible to create cross-forest trusts via the Active Directory Domains and Trusts utility. For an example of an organization that might use this, see Figure 5.7.
In this example, ...
Get Group Policy: Fundamentals, Security, and Troubleshooting now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.