A nontransitive trust is restricted by the two domains in the trust relationship. It does not flow to any other domains in the forest. A nontransitive trust can be a two-way trust or a one-way trust. Nontransitive trusts are one-way by default, although you can also create a two-way relationship by creating two one-way trusts.
In summary, nontransitive domain trusts are the only form of trust relationship that is possible between the following:
- An Active Directory domain and a Windows NT domain
- An Active Directory domain in one forest and a domain in another forest (when the forests are not joined by a forest trust)
You can use the New Trust Wizard to manually create the following nontransitive trusts:
- External trust : A nontransitive trust between an Active Directory domain and a Windows NT domain or an Active Directory domain in another forest.
- Realm trust : A nontransitive trust between an Active Directory domain and a Kerberos version 5 (V5) realm. For more information about Kerberos V5 realms, see Kerberos V5 authentication (http://go.microsoft.com/fwlink/?LinkId=92699).
No comments:
Post a Comment