Subject: Creating an external Trust
Posted by: admintgal (admintg…@discussions.microsoft.com)
Date: Wed, 28 May 2008

Just had a quick question on creating an external trust between two child
domains in two separate forests that have a forest to forest trust in place.
We have a forest trust at forest1.com connected to forest2.com. To optimize
authentication I was thinking about creating an external trust between
child1.forest1.com and child2.forest2.com.
MS states "You can create an external trust to form a one-way or two-way,
nontransitive trust with domains outside of your forest. External trusts are
sometimes necessary when users need access to resources located in a Windows
NT 4.0 domain or in a domain located within a separate forest that is not
joined by a forest trust..."
Does this mean that I can't create the external trust between Child1 and
Child2 because I already have a forest trust between forest1.com and
forest2.com? Or does it just mean that I can't create an external trust
between forest1 and forest2 because of the forest trust already there? I
created the external trust between Child1 and Child2 in my test environment
with no problems at all.
Also I've read that shortcut trusts optimize authentication, but have not
read this about external trusts. I would think that it would due to the
architecture of AD. Could I be barking up the wrong tree with this approach?