I have an interesting conundrum that Im pondering which has raised the question of just how transitive are forest trusts?
With 2 forests, its quite straightforward; with a forest trust between them, the transitivity extends down the domain tree in each forest, eliminating the need for external domain trusts between individual domains within each forest (although of course shortcut trusts can still be useful). But what about when there are more than 2 forests? take a scenario with 3 forests: FORESTA ß---forest trust---à FORESTB ß---forest trust---à FORESTC So there is a forest trust between A & B, and between B &C.... does FORESTA thus trust FORESTC?? since in theory forest trusts are transitive, one might be inclined to think the answer to this should be yes, but Im not convinced the transitivity is supposed to work this way... BTW, the conundrum that has prompted this question is that I have a scenario where Im being asked to suggest a migration strategy between two AD domains (in separate forests) that have the SAME domain NetBIOS name... (Ugh!) the only way I see this being possible is to use an intermediate domain and a 2-step migration, since it simply isnt going to be possible to migrate directly between two identically named domains... Two different strategy suggestions are under consideration for how/where to implement the intermediate domain, one of which is to keep it entirely separate from the existing production forests at either end of the migration... Thoughts? TIA Paul G. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
