Trust relationships between Windows 2000 forests are one-way and intransitive. A one-way trust relationship means...
that, if you have users in Forest A who need access to resources in Forest B, you'll need to set up one trust relationship.
But if you also have users in Forest B who need to access resources in Forest A, you'll need to set up a second trust going in the other direction. An intransitive trust relationship means that if Forest A trusts Forest B, and Forest B trusts Forest C, Forest A does -not- automatically trust Forest C - you'll need to set up a separate trust relationship directly between Forest A and Forest C.
To set up a cross-forest trust in Windows 2000, use Active Directory Domains and Trusts. The "trusted" forest is the forest containing the user accounts, the "trusting" forest is the one containing the resources. If you need the trust relationship to work in both directions, you'll set up two trust relationships, reversing the "trusted" and "trusting" forest for the second one.
Server Management Learning Guide: How to Design a Server Room
Access Site Expert Bernie Klinder's learning guide now and read about an eight-step plan to help you design a data center your company will appreciate and you can be proud of!
Related Q&A from Laura E. Hunter
Active Directory expert Laura E. Hunter offers some advice for changing the IP addresses of domain controllers.continue reading
An admin has two domains and two Active Directories. He wants to know how to join the Active Directories so that internal staff can access both, but ...continue reading
An admin needs to grant user access rights for those needing to traverse directory trees. Our server management expert explains how to use Group ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.