A two-way trust, which is created by default, means that resources
in each domain participating in the trust can access resources in the other. A one-way
trust can be established if resources in Domain A need access to resources in Domain B,
but you don't want resources in Domain B to have access to resources in Domain A. A
transitive two-way trust means that if Domain A trusts Domain B and Domain B trusts
Domain C, then Domain A automatically trusts Domain C (Figure 4-3). This was made
the default configuration for Active Directory trusts because it simplifies much of the administration
surrounding multidomain trusts.
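The trust rules described above, modelled as a directed graph so that the effective trusts of each domain can be audited. This is an added example, not code from the book; the trust layout between the Figure 4-2 domains, the Partner.example domain, and the rule that a non-transitive trust is never extended beyond its two domains are assumptions of the example.

```python
from collections import deque

# Constructed sample data. Domain names are from Figure 4-2; Partner.example
# and the trust layout are assumptions made for this example.
# Record: (domain_a, domain_b, direction, transitive)
#   "two-way": each domain trusts the other
#   "one-way": domain_a trusts domain_b, so accounts in b reach resources in a
TRUSTS = [
    ("Testlab.local", "Engineering.Testlab.local", "two-way", True),
    ("Engineering.Testlab.local", "NY.Engineering.Testlab.local", "two-way", True),
    ("UAT.local", "Testing.UAT.local", "two-way", True),
    ("Testlab.local", "UAT.local", "two-way", True),
    ("Testlab.local", "Partner.example", "one-way", False),
]

def direct_edges(trusts):
    """Expand trust records into directed trusting -> (trusted, transitive) edges."""
    edges = {}
    for a, b, direction, transitive in trusts:
        if direction not in ("one-way", "two-way"):
            raise ValueError(f"unknown trust direction: {direction!r}")
        edges.setdefault(a, []).append((b, transitive))
        if direction == "two-way":
            edges.setdefault(b, []).append((a, transitive))
    return edges

def trusted_by(domain, trusts):
    """Domains that `domain` trusts, directly or through transitive chains."""
    edges = direct_edges(trusts)
    trusted = {t for t, _ in edges.get(domain, [])}  # direct trusts always count
    seen, queue = {domain}, deque([domain])
    while queue:  # breadth-first walk that follows transitive trusts only
        for nxt, transitive in edges.get(queue.popleft(), []):
            if transitive and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return trusted | (seen - {domain})

def can_access(account_domain, resource_domain, trusts):
    """Access flows against the trust: the resource domain must trust the account domain."""
    return (account_domain == resource_domain
            or account_domain in trusted_by(resource_domain, trusts))

def effective_trust_report(trusts):
    """Map every domain to the sorted list of domains it ends up trusting."""
    domains = {d for a, b, _, _ in trusts for d in (a, b)}
    return {d: sorted(trusted_by(d, trusts)) for d in sorted(domains)}
```

Running `effective_trust_report(TRUSTS)` shows that every Figure 4-2 domain trusts every other one through the transitive chain, while Partner.example is trusted by Testlab.local alone and trusts nothing in return.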
[Figure 4-2. An Active Directory forest, showing the domains Testlab.local, Engineering.Testlab.local, NY.Engineering.Testlab.local, UAT.local and Testing.UAT.local]
Organizational Units
Using a domain as the smallest logical administrative boundary makes sense since
Microsoft needed to provide a direct and easy migration path to allow customers to
transition from the old NT domain model to the new Active Directory model. However,
unlike the old NT domain, the Active Directory domain also supports internal logical
groupings: organizational units (OUs). In this sense, you can think of each Active
Directory domain as its own tree of objects organized into containers such as OUs.
If you envision Active Directory as a file system, you can think of containers such as
OUs as folders within the file system.
101 Chapter 4: Active Directory Domain Services