Explicit Trusts

As you have seen in the previous section, Kerberos trusts are transitive. This means that every domain in a forest does not require an explicit trust with every other domain in the forest to be capable of passing credentials between security principals in the forest. Because of this—and because Kerberos trusts are automatically created when you add domains to the forest—administrators are relieved of much of the burden of managing explicit trust relationships that was present in NT.

If, however, you want to create trusts with other forests or NT domains, or if you want to create shortcut trusts, you must use the Active Directory Domains and Trusts MMC Snap-in (ADDT). This section demonstrates the use of the ADDT snap-in by creating ...

Get Special Edition Using Microsoft Active Directory now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.