Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2003 on HP ProLiant Servers : Logical Structure Design (part 5) - Trust Definitions

- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
1/30/2013 6:02:45 PM

6. Trust Definitions

Trusts to external forests, Windows NT domains, or Kerberos realms should be defined in the design document. Windows 2000, supporting only NTLM type external trusts, required individual trusts to be created between all domains in separate forests because NTLM didn't provide transitivity. Figure 27 shows two Windows 2000 forests, each with three domains. To get a “complete trust model,” trusts were required between every two domains, as shown in Figure 27, similar to what the trust model in Windows NT 4.0 would look like. Obviously, this is very confusing and difficult to administer. Creating a trust across root domains would not provide the same transitivity as if they were in the same forest.

Figure 27. Windows 2000 used NTLM trusts to trust domains in different forests.


Note that Windows Server 2003, on the other hand, supports Kerberos cross forest trusts, which allow a single trust to be created at the root level and maintain transitivity to child domains. Figure 28 illustrates this. You can administer a multiple forest enterprise very easily with this type of trust because there is only a single trust (it can be two-way) to maintain, and the Administrator can choose authentication options noted in the cross forest trust.

Figure 28. Windows Server 2003 provides Kerberos trusts between forests.


In a Windows Server 2003 forest, you also can create a trust to an MIT Kerberos v5 realm, allowing realm principals to access Windows resources and vice-versa. This is accomplished by providing name mapping. Because the MIT principal has no knowledge of Security Identifiers (SIDs) and Windows requires them, a user account is created in the Windows domain and is mapped to the realm principal. Name mapping is an attribute of the user object. In the Users and Computers Snap-in, turn on Advanced Features in the View menu, and then right-click the user account. The Name Mapping dialog box appears as shown in Figure 29.

Figure 29. Mapping a Windows Server 2003 user account to a Kerberos realm principal name.

Identify all such trusts in the design document. Just like the GPO design affecting the OU structure, familiarity with the Kerberos trust might influence your decision on deploying multiple forests.
Other -----------------
- Microsoft Dynamics GP 2010 : Preventing Errors in Dynamics GP - Ensuring proper year-end closing by checking Posting Types
- Microsoft Dynamics GP 2010 : Preventing Errors in Dynamics GP - Preventing account selection errors with Chart Segment names
- Monitoring Windows Small Business Server 2011 : Using Windows SBS Console Monitoring (part 3) - Creating and Viewing Reports
- Monitoring Windows Small Business Server 2011 : Using Windows SBS Console Monitoring (part 2) - Using Notification Settings
- Monitoring Windows Small Business Server 2011 : Using Windows SBS Console Monitoring (part 1) - Using the Network Essentials Summary
- System Center Configuration Manager 2007 : Operating System Deployment - Boot Images
- System Center Configuration Manager 2007 : Operating System Deployment - Site Systems
- BizTalk Server 2006 : Pipeline Component Best Practices and Examples - The Databased Disassembler
- BizTalk Server 2006 : Pipeline Component Best Practices and Examples - Using PGP (part 2) - PGP Decode Component
- BizTalk Server 2006 : Pipeline Component Best Practices and Examples - Using PGP (part 1) - PGP Encode Component
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server