Trust relationships between Windows 2000 forests are one-way and intransitive. A one-way trust relationship means that, if you have users in Forest A who need access to resources in Forest B, you'll need to set up one trust relationship.
But if you also have users in Forest B who need to access resources in Forest A, you'll need to set up a second trust going in the other direction. An intransitive trust relationship means that if Forest A trusts Forest B, and Forest B trusts Forest C, Forest A does -not- automatically trust Forest C - you'll need to set up a separate trust relationship directly between Forest A and Forest C.
To set up a cross-forest trust in Windows 2000, use Active Directory Domains and Trusts. The "trusted" forest is the forest containing the user accounts, the "trusting" forest is the one containing the resources. If you need the trust relationship to work in both directions, you'll set up two trust relationships, reversing the "trusted" and "trusting" forest for the second one.
Server Management Learning Guide: How to Design a Server Room
Access Site Expert Bernie Klinder's learning guide now and read about an eight-step plan to help you design a data center your company will appreciate and you can be proud of!
This was first published in January 2005