Forest Trust
When an external trust is created between a Windows Server 2003 domain and another Windows Server 2003 domain in another forest, the trust relationship can be one-way or two-way, incoming or outgoing. Selective authentication can be used to limit the domains in the trusting forest that will participate in the trust. However, the trust relationship only exists between the two domains and is not a Kerberos-style trust. Authentication across the trust relationship will be NTLM. If you require trust between all domain controllers in each of two forests, you must create a forest trust. If you do so, the trust can be one-way or two-way and will be a Kerberos transitive trust. The following requirements must be met before the trust can ...
Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.