Trust Relationship

Trust is a process of enabling resources of one domain to be accessed by another domain.
Functional Levels:

1. Domain Functional Level:

a) Windows 2000 mixed
b) Windows 2000 native
c) Interim
d) Windows 2003 server
2. Forest Functional Level:

a) Windows 2000 mixed
b) Interim
c) Windows 2003 server.
1.a.) Windows 2000 mixed:

By default when we install 2000 or 2003 o/s it gets installed in win 2000 mixed mode.
This mode supports older versions of win2003. We can add NT, 2000 flavors in 2003 networks.
1.b.)Windows 2000 native:

It supports only 2000 and 2003, Native mode can have 2000&2003 flavors only.
1.c)Interim:

This mode can have NT and 2003. Useful when we upgrade NT to 2003
1.d)Windows 2003 server:

This mode supports only 2003 server family.
We can’t join NT/2000 domains
Types of Trusts:

Trust relationships in Windows server2003:
Default two way transitive Kerberos trusts (intra forest)
Shortcut – one or two away transitive Kerberos trusts (intraforest)
Reduce authentication requests
Forest-one or two way- transitive Kerberos trusts.
WS2003 forests WIN 2000 does not support forest trusts
> Only between forest roots
>Creates transitive domain relationships.
External – one way non-transitive NTLM trusts.
Used to connect to /from win NT or external 2000 domains.- manually created.
Realm – one or two way non-transitive Kerberos trusts.
Connect to /from UNIX MT Kerberos realms.
Establishing Trusts:

The Domain where we have user accounts is called trusted domain.
The domain where we have resource is called trusting domain.
Trust between parent and child is two way transitive trust.
Ex; A trusts B, automatically B trusts A this is a two way trust.

Trust between parent and Grandchild domain is called implicit trust.

One-way trust or Non-transitive Trust: A trusts B, but B doesn’t trust A

Transitive trust (2 way):
If A trusts B, B automatically trusts A

One way incoming trust:
It means A is getting the resources from B and B is offering the resources.

One way out going trust:
A is offering resources to B and B is getting resources from A
Benefits of Domain Functional Level:

Win 2003 server Level:
The moment we raise the functional level, form mixed mode to win 2003 mode we get the following benefits.

Universal groups
Group nesting
Domain renaming tools.
Benefits of Forest Functional Level:

Win 2003 level
We get complete benefits of 2003 when we raise the level from 2000 to win 2003 server.
We can implement forest trusts.
Acceleration of global catalog replication information.
Domain renaming
Implimenting Forest Level:
Raising Domain Functional in both the machines:

>Start>program>admin tools>ADDT>right click on Domain
>raise Domain Functional Level>select win 2003>click on raise>ok>ok
Raising Forest Functional Level:

>Start>p>ADDT>right click on ADDT
>raise forest functional level>select win2003>raise>ok.