What is Trust in Active Directory
->Trust is very important in Active Directory. Whenever we access a resource on the network, one server trusts another server by supplying a session key and then allows it to access the resource over the network.
->Here we are going to talk about Active Directory trust: how it works, how to configure a trust, and how to troubleshoot it.
Why Active Directory Trust is required
->When a company acquires another company, we need to create a trust between the two forests so that information and resources can be exchanged between the two companies.
->When we want to access resources from another domain or forest in Active Directory, we need to create a trust so that we can access the resources of the other domain.
->When a child domain is created, a parent-child trust is created by default, and the parent and child share information and resources with each other.
->When we have created a separate domain in a forest, we need to create a trust manually to access resources between the two domains in the forest.
How Trust works in Active Directory
->When we have created a forest-level trust to access resources of another forest in Active Directory, any changes made in the other domain or forest are applied to the other domain using the global catalog.
->In an AD trust, only the global catalog gets updated, along with the user member list on the object tab of the trusting domain/forest. AD replication doesn't work across the trust, as we are only accessing the resources of the other domain/forest using the trust.
Active Directory Trust Types
->There are many trust types in Active Directory, and we choose the trust type based on the requirement. The figure below shows how all the trusts are made and connected.
->An incoming or outgoing trust is a one-way trust. If both incoming and outgoing are configured, it is a two-way trust. See the figure below of Active Directory Domains and Trusts to understand incoming and outgoing trusts.
->The picture above shows the AD trust console and how incoming and outgoing trusts are configured in Active Directory.
Trust Flow: Transitive and Non-Transitive Trust in Active Directory
Transitive Trust:
->Transitive trust means that when domain A trusts domain B and domain A trusts domain C, then domain B will automatically trust domain C, as shown in the picture below.
Non-Transitive Trust:
->Non-transitive trust means that if domain A trusts domain B and domain A trusts domain C, then domain B will not trust domain C.
One-way Trust:
->One-way trust means that if we have created a trust for Domain A <-- Domain B (incoming), then domain B will not trust domain A. So we can access the resources (users, groups, computers) of domain B in domain A, but domain B cannot access the resources of domain A.
Two-way Trust:
->Two-way trust means that if we have created a trust between domain A and domain B, then both domains can access each other's resources. For example, domain A can access the resources of B, and B can also access the resources of A.
***Parent-Child and Tree-Root trusts are created automatically in Active Directory
Parent-Child Trust:
->This trust is created automatically between a parent and a child domain, and it is a transitive trust, as shown in the figure below.
Tree-Root Trust:
->This trust is created automatically between the forest root domain and a new tree, and it is also a transitive trust, as shown in the figure below.
Shortcut Trust:
->Consider the above figure: we create a shortcut trust to access resources directly from one child domain in another child domain, instead of going through the trust flow. In the above figure, if we create a trust between Tech.IT.com and Buzz.IT.com, it becomes a shortcut trust.
External Trust:
->When we create a trust between two different forests, for example when we want to access resources of another company or organization (such as when a company has acquired another company), we create an external trust to access the resources.
Realm Trust:
->This trust is used when we want to access resources of a Unix domain or server; for that we need to create a realm trust.
Forest Trust:
->A forest trust is explicitly transitive (between two forests). We create the trust between two forest root domains. A forest trust can be one-way or two-way.
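
The trust flow described above (transitive and non-transitive trusts, one-way and two-way trusts, and the Tech.IT.com to Buzz.IT.com shortcut trust) can be modelled as a path search over trust links. This is an added example, not part of the original post; it is a simplified model, and the parent domain IT.com, the domain partner.example and all function names are assumptions made for illustration.

```python
from collections import deque

class TrustMap:
    """Simplified model (assumption of this example): an edge trusting -> trusted
    lets accounts from the trusted domain reach resources in the trusting domain."""

    def __init__(self):
        self.edges = {}  # trusting domain -> [(trusted domain, transitive)]

    def add_trust(self, trusting, trusted, transitive=True, two_way=False):
        self.edges.setdefault(trusting, []).append((trusted, transitive))
        if two_way:  # two-way = one trust in each direction
            self.edges.setdefault(trusted, []).append((trusting, transitive))

    def trust_path(self, resource_domain, account_domain):
        """Shortest trust chain from the resource domain to the account
        domain, or None when no chain allows the access."""
        # Any trust, transitive or not, works as a direct single hop.
        for trusted, _ in self.edges.get(resource_domain, []):
            if trusted == account_domain:
                return [resource_domain, account_domain]
        # Longer chains may only use transitive trusts (breadth-first search).
        queue, seen = deque([[resource_domain]]), {resource_domain}
        while queue:
            path = queue.popleft()
            for trusted, transitive in self.edges.get(path[-1], []):
                if not transitive or trusted in seen:
                    continue
                if trusted == account_domain:
                    return path + [trusted]
                seen.add(trusted)
                queue.append(path + [trusted])
        return None

def build_example(shortcut=False):
    """Constructed topology; IT.com and partner.example are assumed names."""
    m = TrustMap()
    # Parent-child trusts: automatic, two-way and transitive.
    m.add_trust("IT.com", "Tech.IT.com", two_way=True)
    m.add_trust("IT.com", "Buzz.IT.com", two_way=True)
    # One-way, non-transitive trust: IT.com trusts the partner only.
    m.add_trust("IT.com", "partner.example", transitive=False)
    if shortcut:  # shortcut trust between the two child domains
        m.add_trust("Tech.IT.com", "Buzz.IT.com", two_way=True)
    return m

if __name__ == "__main__":
    for s in (False, True):
        print(s, build_example(s).trust_path("Buzz.IT.com", "Tech.IT.com"))
```

Reviewing trusts this way shows which domains become reachable through a chain of transitive links, and which links (one-way or non-transitive) stop the chain at a single domain.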