Types of Trusts in Active Directory Explained
Q: What are the different types of trusts in Active Directory, and how do they function?
- Active Directory
- Mid level question
In Active Directory, trusts are mechanisms that establish a relationship between two domains or forests, allowing users in one domain to access resources in another. There are several types of trusts in Active Directory:
1. Types of Trusts:
- Parent-Child Trust: This is a transitive trust automatically created when a child domain is added to a parent domain. It allows users in the child domain to access resources in the parent domain and vice versa.
*Example:* If domain A is the parent and domain B is the child, users from domain B can access resources in domain A.
- Sibling Trust: This type of trust is established between two child domains that share a common parent domain. It allows users in one child domain to access resources in the other child domain.
*Example:* If there are two child domains, B and C, under parent domain A, then B and C can establish a sibling trust.
- External Trust: This is a non-transitive trust created between an Active Directory domain and an external domain (which can be another Windows domain or even a non-Windows domain). It is used primarily for sharing resources with a domain outside the Active Directory forest.
*Example:* You might create an external trust between your Active Directory domain and a legacy domain that is still in use.
- Forest Trust: This is a transitive trust that can be established between two Active Directory forests. It allows all domains in one forest to access resources in another forest.
*Example:* If you have two forests, Forest A and Forest B, a forest trust enables users in any domain within Forest A to access resources in any domain within Forest B.
- Realm Trust: This is a non-transitive trust created between an Active Directory domain and a non-Windows Kerberos realm, allowing authentication between the two.
*Example:* This is useful when integrating with UNIX or Linux servers that use Kerberos for authentication.
2. Functionality:
- Trusts can be one-way or two-way. In a one-way trust, one domain trusts another, but not vice versa. In a two-way trust, both domains trust each other.
- Transitive trusts allow trust relationships to extend beyond the directly linked domains. For instance, if A trusts B and B trusts C, A automatically trusts C if the trusts are transitive.
Understanding these trust types enables organizations to securely manage access to resources across different domains and forests while facilitating resource sharing in a structured manner.
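The direction and transitivity rules in section 2 are easy to get wrong when several trusts are chained, so here is a small Python model of them, written as an added example for this page rather than anything from the original answer. It encodes each trust as "the trusting domain exposes its resources to the trusted domain's users", walks the trust graph from a user's home domain, and applies two rules that go slightly beyond the text but are standard Active Directory behaviour: a non-transitive trust (external or realm) only ever links its two named domains, and a transitive forest trust reaches every domain of the other forest but does not chain onward through that forest into a third one. The domain names and the topology are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass

# Which of the trust types described above are transitive.
TRANSITIVE = {
    "parent_child": True,   # intra-forest, created automatically
    "forest": True,         # between two forests, transitive within them
    "external": False,      # single domain pair, possibly a legacy domain
    "realm": False,         # single domain <-> non-Windows Kerberos realm
}


@dataclass(frozen=True)
class Trust:
    """'trusting' trusts 'trusted': users of `trusted` can reach resources in `trusting`."""
    trusting: str
    trusted: str
    kind: str
    two_way: bool = False


def _access_edges(trusts):
    """Map each trusted domain to the (trusting domain, kind) pairs its users may reach."""
    edges = {}
    for t in trusts:
        edges.setdefault(t.trusted, []).append((t.trusting, t.kind))
        if t.two_way:
            edges.setdefault(t.trusting, []).append((t.trusted, t.kind))
    return edges


def reachable_resources(user_domain, trusts):
    """Return the set of domains whose resources a user from `user_domain` can access."""
    edges = _access_edges(trusts)
    reached = {user_domain}
    # Non-transitive trusts apply only when the user's own domain is the trusted side,
    # and the path ends at the trusting domain: nothing beyond it is reachable.
    for trusting, kind in edges.get(user_domain, []):
        if not TRANSITIVE[kind]:
            reached.add(trusting)
    # Transitive trusts are walked breadth-first. The state carries whether a forest
    # trust has already been crossed, because forest trusts do not chain to a third forest.
    queue = deque([(user_domain, False)])
    seen = {(user_domain, False)}
    while queue:
        domain, crossed_forest = queue.popleft()
        for trusting, kind in edges.get(domain, []):
            if not TRANSITIVE[kind]:
                continue
            if kind == "forest":
                if crossed_forest:
                    continue
                state = (trusting, True)
            else:
                state = (trusting, crossed_forest)
            if state not in seen:
                seen.add(state)
                reached.add(trusting)
                queue.append(state)
    return reached


def who_can_access(resource_domain, trusts):
    """The defender's view: which domains' users can reach resources in `resource_domain`."""
    domains = {d for t in trusts for d in (t.trusting, t.trusted)}
    return {d for d in domains if resource_domain in reachable_resources(d, trusts)}


# Constructed topology (hypothetical names): forest "corp" with two child domains,
# forest "partner" with one child, a third forest "acquired", a legacy external
# domain, and a UNIX Kerberos realm.
SAMPLE_TRUSTS = [
    Trust("corp.example", "hr.corp.example", "parent_child", two_way=True),
    Trust("corp.example", "dev.corp.example", "parent_child", two_way=True),
    Trust("partner.example", "eu.partner.example", "parent_child", two_way=True),
    Trust("corp.example", "partner.example", "forest", two_way=True),
    Trust("partner.example", "acquired.example", "forest", two_way=True),
    # One-way external trust: hr trusts the legacy domain, so legacy users reach hr only.
    Trust("hr.corp.example", "legacy.local", "external"),
    # One-way realm trust: corp.example accepts principals from the Kerberos realm.
    Trust("corp.example", "KRB.LAB", "realm"),
]

if __name__ == "__main__":
    for user in ("dev.corp.example", "legacy.local", "acquired.example"):
        print(user, "->", sorted(reachable_resources(user, SAMPLE_TRUSTS)))
    print("can reach hr.corp.example:", sorted(who_can_access("hr.corp.example", SAMPLE_TRUSTS)))
```

Running it shows the three behaviours the answer describes: a dev.corp.example user reaches every domain in both the corp and partner forests but not acquired.example (the forest trust does not chain), legacy.local users reach hr.corp.example and nothing else (non-transitive, one-way), and hr users cannot reach legacy.local at all because the external trust is one-way. `who_can_access` is the question a defender actually asks when reviewing a trust: which outside domains are granted a path to this one.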