An Active Directory Trust is a logical link which allows one domain or forest to access resources from another domain or forest. The trusts which are established by default are called implicit trusts while the trusts which are created manually are called explicit trusts.

Type of Trusts

  • Parent-Child Trust - When you add a child domain, a parent-child trust is implicitly established. It is a two-way and transitive trust.
  • Tree-root Trust - This trust is also established implicitly when a new domain is added to a forest. This is also a two-way and transitive trust.
  • Shortcut Trust - This is a transitive trust and it is created implicitly between two domains in a forest to reduce the trust path and improve user logon time. This trust can be either one-way or two-way.
  • External Trust - This trust is a non-transitive and it is explicitly created between Windows Server (2003) domains (that are in different forests) or between Server 2003 domain and Windows NT 4 domain.
  • Realm Trust - This trust can be either transitive or non-transitive and it is created explicitly between a non-windows Kerberos and a Windows Server 2003 domain. This trust can be either one-way or two-way.
  • Forest Trust - This trust is explicitly created between two forests. It is transitive and can be either one-way or two-way.
Active Directory Domain Services Trusts

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *