Trust Relationships

- Secure communication paths that allow objects in one domain to be authenticated and accepted in other domains
- Some trusts are created automatically:
  - Parent and child domains trust each other
  - Tree root domains trust the forest root domain
- Other trusts are created manually
- Forest-to-forest transitive trust relationships can be created (Windows Server 2003 forests only)

What Are Trusts?

Trust categories:
- Transitive trusts
- Nontransitive trusts

Trust directions:
- One-way incoming trust
- One-way outgoing trust
- Two-way trust
  (Access flows opposite to the trust: if domain A trusts domain B, B's users can be granted access to resources in A, not the reverse.)

Trust types: five types of trusts: Default, Shortcut, External, Forest and Realm

Trust Relationships in Windows Server 2003

Default
- Two-way, transitive Kerberos trusts (intraforest)
- Created automatically

Shortcut
- One- or two-way transitive Kerberos trusts (intraforest)
- Reduce authentication referral hops between domains that are far apart in the forest

External
- One- or two-way (typically one-way), nontransitive NTLM trusts
- Used to connect to or from Windows NT 4.0 domains, or Windows 2000 domains in another forest
- Created manually

Forest
- One- or two-way transitive Kerberos trusts
- Only between Windows Server 2003 forest roots; creates transitive relationships between the domains of both forests

Realm
- One- or two-way Kerberos trusts, transitive or nontransitive
- Connect to or from UNIX (non-Windows) Kerberos realms

ACTIVE DIRECTORY TRUST MODELS

Transitive trust: if A trusts B, and B trusts C, then A trusts C.

Diagram: one forest whose forest root is SOFT.COM, with a second tree rooted at ZOOM.COM. Child domains NET.SOFT.COM and VB.NET.SOFT.COM hang under SOFT.COM; MCSE.ZOOM.COM, CCNA.ZOOM.COM and MCP.MCSE.ZOOM.COM hang under ZOOM.COM.

Default Trusts

Diagram: the same forest (forest root SOFT.COM with NET.SOFT.COM and VB.NET.SOFT.COM; tree root ZOOM.COM with MCSE.ZOOM.COM, CCNA.ZOOM.COM and MCP.MCSE.ZOOM.COM), with the default parent-child and tree-root trusts drawn between them.

A default trust:
- Is created automatically
- Is transitive
- Is two-way

Shortcut Trusts

Diagram: the same forest, with shortcut trusts drawn between domains deep in the two trees (around VB.NET.SOFT.COM and MCP.MCSE.ZOOM.COM) so that authentication does not have to be referred up through the tree roots.

A shortcut trust:
- Reduces authentication time in complex forests
- Is partially transitive
- Can be one-way or two-way

External Trusts

Diagram: Forest 1 (forest root SOFT.COM with NET.SOFT.COM and JAVA.SOFT.COM; tree root ZOOM.COM with MCSE.ZOOM.COM) and Forest 2 (IBM.COM with SALES.IBM.COM and IT.IBM.COM), with an external trust drawn between one domain of each forest.

An external trust is:
- A trust that is manually created between:
  - Two Active Directory domains located in different forests, or
  - An Active Directory domain and a Windows NT 4.0 or earlier domain
- Nontransitive: it covers only the two domains that are directly joined, never their parents, children or other trust partners
- One-way in the usual case (a two-way external trust is two independent one-way trusts)

Forest Trusts

Diagram: Forest 1 (forest root SOFT.COM with JAVA.SOFT.COM; tree root ZOOM.COM with MCP.ZOOM.COM and MCSE.ZOOM.COM) and Forest 2 (forest root IBM.COM with SALES.IBM.COM and IT.IBM.COM), with a single forest trust drawn between the two forest roots.

A forest trust is a trust between two Windows Server 2003 forests. It:
- Forms trust relationships between every domain in both forests
- Is created between the forest root domains of the forests involved in the trust
- Is transitive for all of the domains in the two forests, but only for those two: it does not chain through a second forest trust to a third forest
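The rules on the trust slides (transitive versus nontransitive, one-way versus two-way, shortcut trusts cutting the referral path, a forest trust joining every domain of two forests) can be checked mechanically. The Python model below is an added example and is not part of the original slides; the domain names are the constructed ones from the diagrams, the trust lists are assumed, and `auth_path` is a hypothetical helper that searches the trust graph for a chain of trusts a resource domain can follow back to a user's domain. It also encodes one caveat worth remembering: a forest trust is transitive only between the two forests it joins, so two forest trusts never chain through a third forest. Every trust, and a two-way forest trust most of all, widens the set of accounts a domain will authenticate; the forest, not the domain, is the security boundary.

```python
from collections import deque

# Added example, not from the slides. A trust is recorded from the trusting
# domain's side as (trusting, trusted, kind, transitive): the trusting domain
# has an OUTGOING trust to the trusted domain, so principals of `trusted` can
# be authenticated to resources in `trusting`. A two-way trust is two edges.
# Domain names are the constructed ones used in the slide diagrams.

def two_way(a, b, kind, transitive=True):
    """Both edges of a two-way trust between a and b."""
    return [(a, b, kind, transitive), (b, a, kind, transitive)]

# Forest 1: forest root SOFT.COM, tree root ZOOM.COM, and their children.
# Forest 2: forest root IBM.COM with one child. (Assumed layout.)
INTRA_FOREST_TRUSTS = (
    two_way("SOFT.COM", "NET.SOFT.COM", "default")
    + two_way("NET.SOFT.COM", "VB.NET.SOFT.COM", "default")
    + two_way("SOFT.COM", "JAVA.SOFT.COM", "default")
    + two_way("SOFT.COM", "ZOOM.COM", "default")          # tree-root trust
    + two_way("ZOOM.COM", "MCSE.ZOOM.COM", "default")
    + two_way("MCSE.ZOOM.COM", "MCP.MCSE.ZOOM.COM", "default")
    + two_way("IBM.COM", "SALES.IBM.COM", "default")
)
# One-way, nontransitive external trust: NET.SOFT.COM trusts SALES.IBM.COM.
EXTERNAL_TRUST = [("NET.SOFT.COM", "SALES.IBM.COM", "external", False)]
# Two-way transitive forest trust between the two forest roots.
FOREST_TRUST = two_way("SOFT.COM", "IBM.COM", "forest")
# Two-way shortcut trust between the two deepest domains of forest 1.
SHORTCUT_TRUST = two_way("VB.NET.SOFT.COM", "MCP.MCSE.ZOOM.COM", "shortcut")


def build_graph(trusts):
    """Adjacency list: trusting domain -> [(trusted domain, kind, transitive)]."""
    graph = {}
    for trusting, trusted, kind, transitive in trusts:
        graph.setdefault(trusting, []).append((trusted, kind, transitive))
        graph.setdefault(trusted, [])
    return graph


def auth_path(graph, user_domain, resource_domain):
    """Shortest chain of trusts the resource domain can follow back to the
    user's domain ([resource, ..., user]), or None if the user cannot be
    authenticated there. Rules: a direct trust works whether or not it is
    transitive; a multi-hop path needs every hop to be transitive; and a
    forest trust may be crossed at most once, since it does not extend to a
    third forest."""
    if user_domain == resource_domain:
        return [resource_domain]
    for trusted, _kind, _transitive in graph.get(resource_domain, []):
        if trusted == user_domain:
            return [resource_domain, user_domain]
    queue = deque([(resource_domain, 0, [resource_domain])])
    seen = {(resource_domain, 0)}
    while queue:
        node, forest_hops, path = queue.popleft()
        for trusted, kind, transitive in graph.get(node, []):
            if not transitive:
                continue
            hops = forest_hops + (kind == "forest")
            if hops > 1 or (trusted, hops) in seen:
                continue
            if trusted == user_domain:
                return path + [trusted]
            seen.add((trusted, hops))
            queue.append((trusted, hops, path + [trusted]))
    return None


def can_authenticate(graph, user_domain, resource_domain):
    return auth_path(graph, user_domain, resource_domain) is not None


if __name__ == "__main__":
    g = build_graph(INTRA_FOREST_TRUSTS + EXTERNAL_TRUST)
    print(auth_path(g, "MCP.MCSE.ZOOM.COM", "VB.NET.SOFT.COM"))  # five hops via both tree roots
    print(auth_path(g, "SALES.IBM.COM", "NET.SOFT.COM"))        # direct external trust
    print(auth_path(g, "SALES.IBM.COM", "SOFT.COM"))            # None: external trust is nontransitive
    print(auth_path(g, "NET.SOFT.COM", "SALES.IBM.COM"))        # None: the trust is one-way
    g2 = build_graph(INTRA_FOREST_TRUSTS + SHORTCUT_TRUST + FOREST_TRUST)
    print(auth_path(g2, "MCP.MCSE.ZOOM.COM", "VB.NET.SOFT.COM"))  # one hop over the shortcut
    print(auth_path(g2, "SALES.IBM.COM", "VB.NET.SOFT.COM"))      # crosses the forest trust once
```

Run it and compare the first and fifth lines: the same user reaching the same resource needs five referrals with only default trusts and a single hop once the shortcut trust exists, which is exactly what a shortcut trust buys.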

Realm Trusts

Diagram: the ZOOM.COM tree (ZOOM.COM with MCSE.ZOOM.COM, CCNA.ZOOM.COM and MCP.MCSE.ZOOM.COM) with a realm trust drawn between MCP.MCSE.ZOOM.COM and a non-Windows Kerberos realm.

A realm trust:
- Is a trust between a Kerberos realm and an Active Directory domain
- Can be transitive or nontransitive
- Can be one-way or two-way

Domain and Forest Functional Levels

Functional levels determine:
- Which domain controller operating systems are supported
- Which Active Directory features are available

- Domain functional levels can be raised independently of other domains
- Raising the forest functional level is performed by an Enterprise Admin
- Raising the forest functional level requires all domain functional levels to be at Windows 2000 native or Windows Server 2003

Domain Functional Levels

Windows 2000 mixed mode: Windows NT 4.0, Windows 2000 or Windows Server 2003 DCs
(Diagram: one Windows Server 2003 DC, one Windows 2000 DC and one Windows NT 4.0 DC in the same domain.)

Windows 2000 native mode: no Windows NT 4.0 DCs
(Diagram: one Windows Server 2003 DC and one Windows 2000 DC.)

Domain Functional Levels

Windows Server 2003 interim: no Windows 2000 DCs
(Diagram: one Windows Server 2003 DC and one Windows NT 4.0 DC.)

Windows Server 2003 level: all DCs run Windows Server 2003
(Diagram: two Windows Server 2003 DCs.)

Forest Functional Levels

Forest Functional Level          Domain Controllers Supported
Windows 2000 (default)           Windows NT 4.0, Windows 2000, Windows Server 2003
Windows Server 2003 interim      Windows NT 4.0, Windows Server 2003
Windows Server 2003              Windows Server 2003
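Because the functional-level rules on the last four slides are preconditions on the DC inventory, and because in Windows Server 2003 a raised level cannot be lowered again, it pays to compute the answer from the inventory before touching Active Directory Domains and Trusts. The script below is an added example, not code from the slides: `DOMAIN_LEVELS` encodes the domain functional level table, `FOREST_2003_PREREQ` encodes the forest-raise prerequisite stated on the functional levels slide, and `SAMPLE_INVENTORY` is a constructed inventory whose DC names and operating systems are invented for illustration.

```python
# Added example, not from the slides: a pre-flight check for raising domain
# and forest functional levels, using only the rules the slides state.
# DC operating systems are abbreviated "NT4", "2000" and "2003".

# Domain functional level -> DC operating systems it permits, listed from
# lowest to highest (domain functional level slides).
DOMAIN_LEVELS = {
    "Windows 2000 mixed": {"NT4", "2000", "2003"},
    "Windows 2000 native": {"2000", "2003"},
    "Windows Server 2003 interim": {"NT4", "2003"},
    "Windows Server 2003": {"2003"},
}
# Domain levels every domain must be at before the forest functional level
# can be raised to Windows Server 2003.
FOREST_2003_PREREQ = {"Windows 2000 native", "Windows Server 2003"}

# Constructed inventory for the example: domain -> [(DC name, OS)].
SAMPLE_INVENTORY = {
    "SOFT.COM": [("DC1", "2003"), ("DC2", "2003")],
    "NET.SOFT.COM": [("DC3", "2003"), ("DC4", "2000")],
    "ZOOM.COM": [("DC5", "2003"), ("DC6", "NT4")],
}


def highest_domain_level(dc_oses):
    """Highest domain functional level that still supports every DC listed
    (the last matching entry of DOMAIN_LEVELS wins), or None if some DC runs
    an OS the table does not know."""
    present = set(dc_oses)
    best = None
    for level, permitted in DOMAIN_LEVELS.items():
        if present <= permitted:
            best = level
    return best


def forest_2003_blockers(inventory):
    """DCs that stop the forest from reaching Windows Server 2003: in every
    domain whose highest reachable level is outside FOREST_2003_PREREQ, each
    DC not running Windows 2000 or Windows Server 2003 must be upgraded or
    demoted first. Returns [(domain, dc_name), ...]."""
    blockers = []
    for domain, dcs in inventory.items():
        if highest_domain_level(os for _, os in dcs) not in FOREST_2003_PREREQ:
            blockers += [(domain, name) for name, os in dcs
                         if os not in DOMAIN_LEVELS["Windows 2000 native"]]
    return blockers


def plan(inventory):
    """One report: the highest level each domain can reach, whether the
    forest can be raised to Windows Server 2003, and what blocks it."""
    blockers = forest_2003_blockers(inventory)
    return {
        "domains": {d: highest_domain_level(os for _, os in dcs)
                    for d, dcs in inventory.items()},
        "forest_2003_ok": not blockers,
        "blockers": blockers,
    }


if __name__ == "__main__":
    print(plan(SAMPLE_INVENTORY))
```

On the sample inventory the report says SOFT.COM can go straight to Windows Server 2003, NET.SOFT.COM tops out at Windows 2000 native while DC4 runs Windows 2000, and the single NT 4.0 controller DC6 in ZOOM.COM is the one machine holding the whole forest at the Windows 2000 forest level.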
