
Trust Clarification Please

nryan1980

Technical User
Feb 21, 2003
44
CA
Okay guys, I'm real sorry about this, it's going to seem really lame. I'm reading up on 2000 because I want to start studying for my MCSE. I studied it a bit in school, but the course was a very basic overview, and I am now in the process of reading the whole text book they suggested we buy for the course... I figure when I'm done that I'll start studying more in-depth for each exam.

ANYHOW... right now I'm reading about trusts, and the book is a little obscure and was hoping that someone might be able to clarify the whole thing for me a little bit.

Setting up an Explicit Transitive Two-Way Domain Trust:
AD Domains & Trusts --> right-click the domain --> Properties --> Trusts Tab. In there you have "Domains trusted by this domain" and "Domains that trust this domain." In my book it says:
"Click the Domains trusted by this domain, select the Add button, type in the target domain name, and supply the password information; then select the Domains that trust this domain and follow the same procedure as above."
Okay, so what's with the password information? It totally skips over that... do you have to enter the administrative password for the domain that you're adding, or do you create some separate password to be used just to establish the trust???

I was also wondering about the two sections on the Trusts tab. They each have three fields (Domain Name, Relationship, and Transitive.) Once you've completed the outlined steps above (on both ends I'm assuming?) does the entry under the Transitive field become "Yes"?

For Explicit One-Way Domain Trusts:
Book says to click Add for the Domains trusted by this domain and then type in the target domain name and password information (again with the password.) I'm assuming that on the other end you have to do the opposite (click Add for the Domains that trust this domain, type in other domain name and password.)

Am I way off? I think I get the basic gist of it, I would just like some clarification of the password thing and for someone to confirm that this has to be set up on both domains involved in the trust. And that you have to select the opposite option when setting up a one-way trust.

Thank you very much for the long read, I really appreciate it. Maybe one of you kind people will hire me some day! [thumbsup2]
 
Anyone??? Guess it's a pretty long read... sorry
 
OK, here goes...now, I'm not an MCSE, so this is just coming from experience. I can't say how it will translate in terms of MS study guides...

1) The password info would be that of an admin account (likely a domain admin) in the opposing domain.

2) The Transitive section applies when you have more than one domain in a trusted/trusting Forest. That is, suppose I live in DomainA, and DomainA has a child, DomainB. Now, I decide I'd like to set up a 2 way trust between DomainB and some other Forest's domain, which I do successfully. In this case, the Transitive rule that automatically applies to parent/child domains does NOT apply here. So, users in DomainA will not automatically authenticate in the other Forest's domain.

3) To trust another domain, you only need to set it up on the TRUSTING domain's end, but you still need to use the opposing domain's credentials for authentication.

Make sense?
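
The scenario in point 2 above, worked through as an added example (not part of the original post and not Microsoft code). It uses a simplified model in which a direct trust always counts and a chain of trusts counts only if every link is transitive; the name OtherForestDomain is a hypothetical stand-in for "some other Forest's domain".

```python
from collections import deque

# Constructed trust list for the scenario in the post above.
# Each entry: (trusting domain, trusted domain, transitive?)
# "OtherForestDomain" is a hypothetical name, not taken from the thread.
TRUSTS = [
    ("DomainA", "DomainB", True),              # parent/child: two-way, transitive
    ("DomainB", "DomainA", True),
    ("DomainB", "OtherForestDomain", False),   # explicit two-way external trust
    ("OtherForestDomain", "DomainB", False),
]

def can_authenticate(user_domain, resource_domain, trusts=TRUSTS):
    """True if accounts from user_domain are accepted in resource_domain.

    Simplified model (an assumption of this example): a direct trust always
    counts; a chain counts only if every trust in it is transitive.
    """
    if user_domain == resource_domain:
        return True
    direct = {(trusting, trusted) for trusting, trusted, _ in trusts}
    if (resource_domain, user_domain) in direct:
        return True
    # Breadth-first search from the trusting side over transitive trusts only.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting == current and transitive and trusted not in seen:
                if trusted == user_domain:
                    return True
                seen.add(trusted)
                queue.append(trusted)
    return False

def reachable_report(domains, trusts=TRUSTS):
    """Map each user domain to the sorted resource domains that accept it."""
    return {u: sorted(r for r in domains
                      if r != u and can_authenticate(u, r, trusts))
            for u in domains}

if __name__ == "__main__":
    names = ["DomainA", "DomainB", "OtherForestDomain"]
    for user, resources in reachable_report(names).items():
        print(f"{user} accounts accepted in: {resources}")
```

The same report is a quick way to review how far an external trust actually extends: only DomainB appears on either side of the OtherForestDomain relationship.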
 
Perfect, thank you so much Brontosaurus, that clarifies things greatly :)
 
Not to contradict bronto, not my intention. But according to MS, you create a trust with a "password". What I mean is you assign a password at the "Click the Domains trusted by this domain, select the Add button, type in the target domain name, and supply the password information; then select the Domains that trust this domain and follow the same procedure as above." The password needs to be accepted by both trusting parties. It is not the admin password.

Once the Trust is created it needs an admin account to start it at the trusting end...if two way then at the trusted end also. There was an article that I found stating this but I can't find it now....go figure.

Does this make sense?

Hewissa

MCSE, CCNA, CIW
 
Actually, that does make sense, good clarification. I generalized my explanation using an admin account, which I normally duplicate at the opposing end when doing trusts. Sort of makes the 2 step process a "one stop shopping" trip.

Thanks Hewissa!
 
Okay, so it can be any password then as long as both domains are using the same one, and it doesn't have to be the password of the domain admin...

When do you have to supply the admin account info? After you click OK or Apply on the Trusts property page? Or after you enter this notorious password? Or is it only once you try to access a resource on the other domain?
 
Ahhh, so if you supply the domain admin password instead of any old password you won't need to supply the admin account at a later time?
 
I think the logic is, that you don't want to "give away" the admin password for Domain A to Domain B.

You create the Trust, both domains agree on a password.

Domain A, the admin at some point (and this was where I am not clear) needs to say in a sense "YES" to the trust.

Same for Domain B.


The only thing in common is the trust password used.

Once the trust is made, then users can access folders on either domain given the proper rights.

Hewissa

MCSE, CCNA, CIW
 
yeah, actually that makes a lot of sense hewissa; with security becoming increasingly essential to the survival of a network, I think the idea of a separate password would be a great way to go.

Thank you bronty and hewissa so much for the help on clarifying this issue for me.
 