+ Reply to Thread
Results 1 to 3 of 3
  1. Senior Member deneb829's Avatar
    Join Date
    Sep 2006
    Location
    Florida Panhandle
    Posts
    300

    Certifications
    A+, Network+, MCSA2K3, Extreme Networks, iBoss, Bachelors in Business Management, MBA - Information Systems
    #1

    Default External vs Forest Trusts

    I am having a problem grasping the difference between an external trust relationship and a forest trust. The question speaks of a user using his credentials located in DOMAIN A to log into DOMAIN B and not being able to. The answer suggests matching the user's UPN logon name with their pre-windows 2000 login name (which are different) as a means to fix this issue. Couldn't the user log into DOMAIN B with usera@DOMAINA.com?
    Reply With Quote Quote  

  2. SS -->
  3. Questionably Benevolent Moderator Slowhand's Avatar
    Join Date
    Oct 2005
    Location
    Bay Area, CA
    Posts
    5,072
    Blog Entries
    1

    Certifications
    A+, Linux+, Server+, Security+, MCSA 2003, MCSA 2008, MCSA 2012, CCNA(expired), ITIL Foundation v3 (2011), VCP5-DCV, VCA-Cloud, VCA-DCV, VCA-WM
    #2
    The user should be able to log on with his credentials from DOMAIN A in DOMAIN B, that's the whole idea of trusts. The main difference between forest trusts and external trusts is that with forest trusts, you're setting up internal trusts between domains of the same forest. In the end, they're all under the same AD forest, but in seperate trees or domains. Setting up an external trust is tricker, because you're trying to communicate from forest to forest, without necessarily having the same Domain Controllers in common. (Not that you always have that within the forest, but it's easier to deal with there.)

    I have no clue as to why the pre-Windows 2000 logon should have to be the same as the UPN logon ID, I'm guessing there's some other information here that's probably assumed in the scenario. If the domains trying to communicate are in pre-Windows 2000 mode, or running other OS'es besides Windows, I guess that could help solve some problems. Otherwise. . . eh. . . well. . . you got me. Still, though, I can't help but think this is more of a question for the 70-291 test. For the 70-290, I doubt you have to know such detailed information about the hows and the whys of trusts, just that there are differences between domains inside and outside the same tree and/or the same forest.

    -------------------------------------------------------
    ITHumidor.net - "Futuaris nisi irrisus ridebis"
    -------------------------------------------------------

    Free Microsoft Training: Microsoft Virtual Academy
    Free PowerShell Resources: Top 50 PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
    Reply With Quote Quote  

  4. Senior Member deneb829's Avatar
    Join Date
    Sep 2006
    Location
    Florida Panhandle
    Posts
    300

    Certifications
    A+, Network+, MCSA2K3, Extreme Networks, iBoss, Bachelors in Business Management, MBA - Information Systems
    #3
    Thanks Slowhand,

    I thought this was a strange question for 70-290 because I saw very little about trusts in the study material for this exam. Hopefully, I won't see this kind of question on the exam.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks