Active Directory - 4

  • November 2019

Trust Relationships

Secure communication paths that allow objects in one domain to be authenticated and accepted in other domains

  • Some trusts are automatically created
  • Parent-child domains trust each other
  • Tree root domains trust forest root domain
  • Other trusts are manually created
  • Forest-to-forest transitive trust relationships can be created (Windows Server 2003 forests only)

What Are Trusts?

Trust categories

  • Transitive trusts
  • Nontransitive trusts

Trust directions

  • One-way incoming trust
  • One-way outgoing trust
  • Two-way trust

Trust types

  • Five types of trusts: Default, Shortcut, External, Forest and Realm

Trust Relationships in Windows Server 2003

  • Default: two-way transitive Kerberos trusts (intraforest)
  • Shortcut: one- or two-way transitive Kerberos trusts (intraforest); reduce authentication requests
  • External: one-way non-transitive NTLM trusts; used to connect to/from Windows NT or external 2000 domains; manually created
  • Forest: one- or two-way transitive Kerberos trusts; only between 2003 forest roots; creates transitive domain relationship
  • Realm: one- or two-way non-transitive Kerberos trusts; connect to/from UNIX Kerberos realms

ACTIVE DIRECTORY TRUST MODELS

Transitive trust: if A trusts B and B trusts C, then A trusts C

[Diagram: ZOOM.COM (forest root) with MCSE.ZOOM.COM, CCNA.ZOOM.COM and MCP.MCSE.ZOOM.COM; SOFT.COM with NET.SOFT.COM and VB.NET.SOFT.COM]

Default Trusts

[Diagram: SOFT.COM, NET.SOFT.COM, VB.NET.SOFT.COM; ZOOM.COM (forest root), MCSE.ZOOM.COM, CCNA.ZOOM.COM, MCP.MCSE.ZOOM.COM]

A default trust:

  • Automatically created
  • Transitive trust
  • Two-way transitive

Shortcut Trusts

[Diagram: SOFT.COM, NET.SOFT.COM, VB.NET.SOFT.COM; ZOOM.COM (forest root), MCSE.ZOOM.COM, CCNA.ZOOM.COM, MCP.MCSE.ZOOM.COM; shortcut trusts marked at VB.NET.SOFT.COM and MCP.MCSE.ZOOM.COM]

A shortcut trust:

  • Reduces authentication time in complex forests
  • Is partially transitive
  • Can be one-way or two-way

External Trusts

[Diagram: Forest 1 and Forest 2 connected by an external trust; domains shown: SOFT.COM, ZOOM.COM (forest root), IBM.COM (forest root), NET.SOFT.COM, JAVA.SOFT.COM, MCSE.ZOOM.COM, SALES.IBM.COM, IT.IBM.COM]

An external trust is:

  • A trust that is manually created between:
  • Two Active Directory domains located in different forests
  • An Active Directory domain and a Windows NT 4.0 or earlier domain
  • Nontransitive
  • One-way
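
The transitive rule (if A trusts B and B trusts C, then A trusts C), the shortcut trust and the nontransitive one-way external trust can be modelled as a directed graph. This is an added example, not part of the original slides and not Windows code: the domain names come from the diagrams, while the external trust pairing (NET.SOFT.COM trusting SALES.IBM.COM), the IBM.COM parent-child trust and the shortcut endpoints are assumptions.

```python
from collections import deque

def build_trusts(with_shortcut=False):
    """Return {trusting domain: [(trusted domain, transitive)]} for a constructed forest."""
    trusts = {}

    def add(a, b, transitive, two_way):
        trusts.setdefault(a, []).append((b, transitive))
        if two_way:
            trusts.setdefault(b, []).append((a, transitive))

    # Default trusts: automatically created, two-way, transitive.
    for parent, child in [("ZOOM.COM", "MCSE.ZOOM.COM"),
                          ("MCSE.ZOOM.COM", "MCP.MCSE.ZOOM.COM"),
                          ("ZOOM.COM", "CCNA.ZOOM.COM"),
                          ("ZOOM.COM", "SOFT.COM"),  # tree root <-> forest root
                          ("SOFT.COM", "NET.SOFT.COM"),
                          ("NET.SOFT.COM", "VB.NET.SOFT.COM")]:
        add(parent, child, True, True)
    # Default trust inside the second forest (assumed layout).
    add("IBM.COM", "SALES.IBM.COM", True, True)
    # External trust: manual, one-way, nontransitive (pairing is an assumption).
    add("NET.SOFT.COM", "SALES.IBM.COM", False, False)
    if with_shortcut:
        # Shortcut trust between two deep domains of the same forest.
        add("VB.NET.SOFT.COM", "MCP.MCSE.ZOOM.COM", True, True)
    return trusts

def trust_path(trusts, resource_domain, account_domain):
    """Shortest trust chain that lets resource_domain accept accounts from
    account_domain, or None. A nontransitive trust counts only as a direct,
    single-hop link; longer chains must be transitive at every hop."""
    for trusted, _ in trusts.get(resource_domain, []):
        if trusted == account_domain:
            return [resource_domain, account_domain]
    queue, seen = deque([[resource_domain]]), {resource_domain}
    while queue:
        path = queue.popleft()
        for trusted, transitive in trusts.get(path[-1], []):
            if not transitive or trusted in seen:
                continue
            if trusted == account_domain:
                return path + [trusted]
            seen.add(trusted)
            queue.append(path + [trusted])
    return None
```

When reviewing trusts, the `None` results are the useful ones: they show that the external trust admits SALES.IBM.COM accounts to NET.SOFT.COM only, and does not extend to the rest of either forest.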


Forest Trusts

[Diagram: Forest 1 and Forest 2 connected by a forest trust; domains shown: ZOOM.COM (forest root), MCP.ZOOM.COM, MCSE.ZOOM.COM, SOFT.COM, JAVA.SOFT.COM; IBM.COM (forest root), SALES.IBM.COM, IT.IBM.COM]

A forest trust:

  • Is a trust between two Windows Server 2003 forests
  • Forms the trust relationships between every domain in both forests
  • Is created between the forests involved in the trust
  • Is transitive for all of the domains in the forests

Realm Trusts

A realm trust:

  • Is a trust between a Kerberos realm and an Active Directory domain
  • Can be transitive or nontransitive
  • Can be one-way or two-way

[Diagram: ZOOM.COM, MCSE.ZOOM.COM, CCNA.ZOOM.COM and MCP.MCSE.ZOOM.COM connected by a realm trust to a Kerberos realm]

Domain and Forest Functional Levels

Functional levels determine:

  • Supported domain controller operating systems
  • Active Directory features that will be available

Domain functional levels can be raised independently of other domains.

Raising the forest functional level is performed by an Enterprise Admin. It requires all domain functional levels to be at Windows 2000 native or Windows Server 2003 functional levels.

Domain Functional Levels

  • Windows 2000 Mixed Mode: NT4, Windows 2000 or WS03 DCs
    [Diagram: Domain controller (Windows Server 2003), Domain controller (Windows 2000), Domain controller (Windows NT 4.0)]
  • Windows 2000 Native Mode: no NT 4 DCs
    [Diagram: Domain controller (Windows Server 2003), Domain controller (Windows 2000)]

Domain Functional Levels

  • Windows Server 2003 Interim: no 2000 DCs
    [Diagram: Domain controller (Windows Server 2003), Domain controller (Windows NT 4.0)]
  • Windows Server 2003 Server Level: all WS03 DCs
    [Diagram: Domain controller (Windows Server 2003), Domain controller (Windows Server 2003)]

Forest Functional Levels

Forest functional level: domain controllers supported

  • Windows 2000 (default): Windows NT 4.0, Windows 2000, Windows Server 2003
  • Windows Server 2003 Interim: Windows NT 4.0, Windows Server 2003
  • Windows Server 2003 Server: Windows Server 2003
