External vs Forest Trusts

deneb829deneb829 Member Posts: 292
I am having a problem grasping the difference between an external trust relationship and a forest trust. The question speaks of a user using his credentials located in DOMAIN A to log into DOMAIN B and not being able to. The answer suggests matching the user's UPN logon name with their pre-windows 2000 login name (which are different) as a means to fix this issue. Couldn't the user log into DOMAIN B with usera@DOMAINA.com?
There are only 10 types of people in this world - People who understand binary and people who do not.

Comments

  • SlowhandSlowhand Mod Posts: 5,161 Mod
    The user should be able to log on with his credentials from DOMAIN A in DOMAIN B, that's the whole idea of trusts. The main difference between forest trusts and external trusts is that with forest trusts, you're setting up internal trusts between domains of the same forest. In the end, they're all under the same AD forest, but in seperate trees or domains. Setting up an external trust is tricker, because you're trying to communicate from forest to forest, without necessarily having the same Domain Controllers in common. (Not that you always have that within the forest, but it's easier to deal with there.)

    I have no clue as to why the pre-Windows 2000 logon should have to be the same as the UPN logon ID, I'm guessing there's some other information here that's probably assumed in the scenario. If the domains trying to communicate are in pre-Windows 2000 mode, or running other OS'es besides Windows, I guess that could help solve some problems. Otherwise. . . eh. . . well. . . you got me. Still, though, I can't help but think this is more of a question for the 70-291 test. For the 70-290, I doubt you have to know such detailed information about the hows and the whys of trusts, just that there are differences between domains inside and outside the same tree and/or the same forest.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.
  • deneb829deneb829 Member Posts: 292
    Thanks Slowhand,

    I thought this was a strange question for 70-290 because I saw very little about trusts in the study material for this exam. Hopefully, I won't see this kind of question on the exam.
    There are only 10 types of people in this world - People who understand binary and people who do not.
Sign In or Register to comment.