Would it be fair to say that except for very large (multi-national?)
organizations, and perhaps merged companies, that there will usually only be
1 forest so that all trusts will be bi-directional & transitive?  Otherwise
it seems you again have the problem (nightmare?) of managing multiple trust
relationships.

*-----Original Message-----
*From: [EMAIL PROTECTED]
*[mailto:[EMAIL PROTECTED]]On Behalf Of Don Tuer
*Sent: Monday, November 27, 2000 7:37 PM
*To: 'Steve Riley (MCS)'; 'avishver'; [EMAIL PROTECTED]
*Subject: RE: WIN2000 AD
*
*
*Hi Steve:
*
*Couple of things:
*
** There is only one Enterprise Administrator and one Schema Administrator
*per forest.
*
*> One group but multiple users can be members
*
** Even though most of the AD is multi-master, the FSMO roles aren't. The PDC
*role owner is responsible for password change replication, and there is one
*per forest.
*
*> One PDC per Domain as well as the Infrastructure, and RID FSMOs.
*
** Within a forest, trusts are Kerberos, bi-directional, transitive, and
*automatic. Between forests, trusts are NTLM, at the roots only, and are
*manual (like NT4).
*
*> NTLM Trusts can be from any domain.
*
*Hope this helps.
*
*Don Tuer
*-
*[To unsubscribe, send mail to [EMAIL PROTECTED] with
*"unsubscribe firewalls" in the body of the message.]
*
