Q: What is the meaning of trust transitivity in the context of trust relationships that are defined between Windows Active Directory (AD) domains? Are trust relationships defined between domains that are located in different AD forests also transitive?
A: Before we define trust transitivity, let's make sure we're on the same page regarding the meaning of the trust concept in the context of AD domains. Trust relationships define an administrative and security link between two Windows domains or forests. They enable a user to access resources that are located in a domain or forest that’s different from the user’s own domain or forest.
When a trust relationship is set up between two domains, there’s always a trusted and a trusting domain. The trusting domain is the one that initiates the setup of a trust relationship. The trusted domain is the subject of the trust definition. These concepts are illustrated in Figure 1: If the compaq.com domain sets up a trust with the hp.com domain--in which case hp.com is the trusted domain and compaq.com the trusting domain--all accounts defined in hp.com will be trusted. This means that you can use all hp.com accounts and groups to set access control settings on resources in the compaq.com domain. This is typically done by adding them to existing domain local groups or server local groups, which grant the actual permissions on resources in the compaq.com domain. . . .
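The trusting/trusted direction described above is easy to read backwards when auditing trust records, so here is an added example (not code from the article) that turns trust records into (trusting, trusted) pairs and answers whose accounts can be placed on ACLs where. The numeric values are those of the `trustDirection` attribute on an AD trustedDomain object; the records, the `lab.example` domain and all function names are constructed for illustration, and only direct trusts are modelled.

```python
from typing import NamedTuple

# trustDirection values on an AD trustedDomain object (bit flags).
INBOUND, OUTBOUND, BIDIRECTIONAL = 1, 2, 3

class TrustRecord(NamedTuple):
    local_domain: str   # domain whose directory stores the record
    partner: str        # the other end of the trust (trustPartner)
    direction: int      # trustDirection as seen from local_domain

def trust_edges(records):
    """Normalize records into (trusting, trusted) pairs, in the article's terms."""
    edges = set()
    for r in records:
        local, partner = r.local_domain.lower(), r.partner.lower()
        if r.direction & OUTBOUND:   # local domain trusts the partner
            edges.add((local, partner))
        if r.direction & INBOUND:    # partner trusts the local domain
            edges.add((partner, local))
    return edges

def can_set_acl(edges, account_domain, resource_domain):
    """True if account_domain's accounts can be used on ACLs in
    resource_domain. Direct trusts only; transitivity is not modelled."""
    a, r = account_domain.lower(), resource_domain.lower()
    return a == r or (r, a) in edges

def audit(edges):
    """Map each trusting domain to the domains whose accounts it accepts."""
    exposure = {}
    for trusting, trusted in sorted(edges):
        exposure.setdefault(trusting, []).append(trusted)
    return exposure

# Constructed sample. The first two records are the two ends of the
# compaq.com -> hp.com trust from the text; lab.example is hypothetical.
SAMPLE = [
    TrustRecord("compaq.com", "hp.com", OUTBOUND),
    TrustRecord("hp.com", "compaq.com", INBOUND),
    TrustRecord("compaq.com", "lab.example", BIDIRECTIONAL),
]
EDGES = trust_edges(SAMPLE)

if __name__ == "__main__":
    print(audit(EDGES))
    print("hp.com accounts on compaq.com ACLs:", can_set_acl(EDGES, "hp.com", "compaq.com"))
    print("compaq.com accounts on hp.com ACLs:", can_set_acl(EDGES, "compaq.com", "hp.com"))
```

The `audit` output is the view a reviewer usually wants: for each trusting domain, the external domains whose accounts and groups can end up in its local groups.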