CCNA Certification Overview of Forest and Domain Trust Models in your administrative life
No matter where you work, there will come a point in your administrative life where you simply have to break things down. As I alluded to earlier, it’s rare that you will see a large enterprise using only one domain, or even one forest, to administer an entire facility. Unfor- tunately (or fortunately if you?d like to consider it in terms of job security), the real world is a lot more complex. Accordingly, designs and topologies become more complex as compa- nies grow.
The main question that comes up as this process continues is this: how can you utilize resources that aren?t part of your individual infrastructure? The answer, which originally came about in MCSE 2003 Certification, is a trust. By now, you probably are familiar with trusts and the various types of trusts that can be implemented in Windows Server 2008. In the following sections, I will review the various types of trusts, cover their strengths and weak- nesses, and discuss strategies for implementing trusts in your environment. The MCITP certification exam will ask a lot of questions on trusts from both your previous study and what you will learn here. It’s a good idea to review what you’ve learned in the past before you take the exam. It could save your grade!
Authentication In security administration, authentication is the process of verifying a user?s identity. Is John Q. Smith really John Q. Smith? Or is he another user pretending to be John Q. Smith?
Authorization Authorization is the process of determining what access a particular user has. For example, this is the process of determining whether John Q. Smith has access to the Shared folder on an office server located in the main building.
As mentioned earlier, trusts are connections?between either domains or forests?that allow various objects within Active Directory to access, modify, and utilize resources. In general, trusts exist on two levels: forest and domain.
With the release of Windows Server 2003, Microsoft Exam made a previously unavailable function available to administrators. Forest trusts allow an administrator to connect two forests and establish a trust between them at the forest level. This is a big change from the previous iteration, which allowed this only on the domain level. Forest trusts can be either one-way, two-way, or transitive. In a two-way transitive forest, each forest trusts the other completely. Forest trusts offer several bene?ts, such as simpli?ed resource access, improved authentica- tion, improved security, and improved administrative overhead.
It’s important to note that, unlike domain trusts (discussed next), forest trusts can be created only between two forests. They cannot be extended or joined to a third. This function is slightly limiting; however, this is utilized for security purposes and for administra- tive reasons. By accident, an administrator could easily end up making all components of a multitiered forest trust each other completely!
Processing your request, Please wait....
