Microsoft NT Server

Domain Trust Relationships

Definitions in a Trust

Trusts - A trust relationship is a link between two domains that allows one domain to recognize the users of another domain and to permit those users to access local resources. Trusts are limited to NT domains. (hint: to make the trust effective immediately, always permit first)

One-Way Trust - All trusts in NT domains are One-Way trusts. Only one domain trusts the other to authenticate users, and therefore only users from the trusted domain can have access in both domains. A One-Way trust (as the name implies) This type of trust is typically used when all user accounts reside in one domain and resources (printers, file and print servers, etc.) reside in another domain.

Two-Way Trust - A Two-Way trust is made by establishing two One-Way trusts, so that both domains trust one another. Users from both domains can have access in both domains.

Trusting - A trusting domain accepts the authentication (or rejection) of user accounts from the domain controllers of another domain. This process is accomplished through Pass-Through Authentication (see below), and it is transparent to the user. Typically, resources are located in the trusting domains.

Trusted - This is the domain whose users will have access to both domains. A trusted domain can validate its users even though they are physically logging on within another domain. Under almost every scenario, user accounts will reside in the trusted domain.

Pass-Through Authentication

Pass-Through Authentication is the process by which an NT Workstation or NT Server validates a user attempting to log on. The process is quite simple. If the user is logging on from an NT Workstation, the user specifies where his account resides from a list provided by the local machine. This list includes the local machine, the domain to which the machine belongs, and any domains which the machine's domain trusts. This is because an NT Workstation can be a functioning member of a domain. If the user is logging on from another resource which does not conform to the NT domain security standards, then the user must specify where his account resides by typing it in manually.

The process of manually typing in a domain name is a source of many problems for administrators of NT domains, and is a very practical reason to consider using NT Workstations as clients in NT domains.
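The trust direction and the logon list described above can be modelled in a few lines. This is an added example, not part of the original lecture; the domain names, machine names, accounts and function names are all constructed for illustration, and the model only decides where a logon is validated, not how credentials are checked.

```python
# Constructed sample data: each pair is (trusting domain, trusted domain).
TRUSTS = {
    ("RESOURCES", "ACCOUNTS"),         # one-way: RESOURCES trusts ACCOUNTS
    ("SALES", "HQ"), ("HQ", "SALES"),  # two one-way trusts = a two-way trust
}

# Constructed account databases, keyed by domain or machine name.
ACCOUNT_DB = {
    "ACCOUNTS": {"alice"},
    "RESOURCES": {"svc_print"},
    "SALES": {"bob"},
    "HQ": {"carol"},
    "WS1": {"localadmin"},
}


def trusted_by(domain, trusts=TRUSTS):
    """Domains that `domain` trusts, i.e. whose users it will accept."""
    return sorted(trusted for trusting, trusted in trusts if trusting == domain)


def is_two_way(a, b, trusts=TRUSTS):
    """A two-way trust exists only when both one-way trusts are present."""
    return (a, b) in trusts and (b, a) in trusts


def logon_list(machine, machine_domain, trusts=TRUSTS):
    """Choices offered at logon: local machine, its domain, domains that domain trusts."""
    return [machine, machine_domain] + trusted_by(machine_domain, trusts)


def authenticate(user, account_domain, machine, machine_domain):
    """Return how the logon is validated, or None when it is refused."""
    if account_domain not in logon_list(machine, machine_domain):
        return None  # no trust in this direction, so nobody is asked
    if user not in ACCOUNT_DB.get(account_domain, set()):
        return None  # the account database that was asked rejects the user
    if account_domain == machine:
        return "local machine"
    if account_domain == machine_domain:
        return "own domain"
    return "pass-through"  # validated by the trusted domain's controllers


if __name__ == "__main__":
    print(logon_list("WS1", "RESOURCES"))
    print(authenticate("alice", "ACCOUNTS", "WS1", "RESOURCES"))
    print(authenticate("svc_print", "RESOURCES", "WS2", "ACCOUNTS"))
```

The last call is refused because the trust runs only from RESOURCES to ACCOUNTS: a machine in the trusted domain never offers the trusting domain in its logon list.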

The Microsoft Windows NT Virtual Lecture by Patrick Watson
Florida Community College at Jacksonville