Trust : Communication between domains occurs through trusts. Trusts are authentication pipelines that must be present in order for users in one domain to access resources in another domain. A trust relationship is a logical relationship established between two domains which allows authentication. There are two domains in a trust relationship: the trusting domain and the trusted domain. Two default trusts are created when using the Active Directory Installation Wizard. There are four other types of trusts that can be created using the New Trust Wizard or the Netdom command-line tool.
Default trusts :
Two-way, transitive trusts are automatically created by default when a new domain is added to a domain tree or forest root domain using the Active Directory Installation Wizard. These two types of default trusts are explained below:
Parent & child : When a new child domain is added to an existing domain tree, a new parent and child trust is established by default. Authentication requests made from subordinate domains flow upward through their parent to the trusting domain.
Tree-root : This trust is implicitly established when we add a new tree root domain to a forest. This trust is two-way and transitive in nature.
Other trusts :
Other types of trusts are the ones which can be created using the New Trust Wizard or the Netdom command-line tool.
There are four other types of trust in Active Directory, and these are explained below:
External trust: An external trust is used when we need to provide access to resources located in a Windows NT 4.0 domain or in a domain located in a separate forest which is not already joined by a forest trust.
This type of trust is non-transitive in nature and direction can be one way or both ways.
Realm trust: A realm trust is used to form a trust relationship between a Windows Server domain and a non-Windows Kerberos realm, e.g. UNIX.
This trust can be transitive or non-transitive in nature and direction can be one-way or two-way.
Forest trust: Forest trusts are used to share resources between forests. If a forest trust is a two-way trust, authentication requests made in either forest can reach the other forest. The trust allows all domains in one forest to trust all domains in another forest.
This trust is transitive in nature and direction can be one-way or two-way.
Shortcut trust: This type of trust is used to improve user logon times between two domains within a Windows Server 2003 forest which are logically distant from each other in the Active Directory hierarchy. This is useful when two domains are separated by two domain trees.
This trust is transitive in nature and can be one-way or two-way.
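The trust types described above can be recognised from the attributes stored on each trustedDomain object in the directory. The following is an added example, not part of the original article: it decodes trustDirection, trustType and trustAttributes (values as documented for the Active Directory schema) into this page's categories. The domain names and sample records are constructed, and the parent/child test is a DNS-name heuristic.

```python
# Added example: map trustedDomain attribute values to the trust types above.
# Numeric values follow the documented AD encodings; SAMPLE is constructed data.
DIRECTION = {0: "disabled", 1: "one-way inbound", 2: "one-way outbound", 3: "two-way"}
TRUST_TYPE_MIT = 3             # partner is a non-Windows Kerberos realm
ATTR_NON_TRANSITIVE = 0x01
ATTR_FOREST_TRANSITIVE = 0x08
ATTR_WITHIN_FOREST = 0x20


def classify_trust(local, partner, direction, trust_type, attrs):
    """Return (kind, direction, transitive) for one trustedDomain record."""
    local, partner = local.lower(), partner.lower()
    if attrs & ATTR_WITHIN_FOREST:
        # Heuristic: a direct parent is the child's DNS name minus its first label.
        related = local.partition(".")[2] == partner or partner.partition(".")[2] == local
        kind, transitive = ("parent-child" if related else "tree-root or shortcut"), True
    elif attrs & ATTR_FOREST_TRANSITIVE:
        kind, transitive = "forest", True
    elif trust_type == TRUST_TYPE_MIT:
        kind, transitive = "realm", not attrs & ATTR_NON_TRANSITIVE
    else:
        kind, transitive = "external", False
    return kind, DIRECTION.get(direction, "unknown"), transitive


def review_list(local, records):
    """Trusts that leave the forest and let the partner's accounts authenticate here."""
    flagged = []
    for partner, direction, trust_type, attrs in records:
        kind, way, _ = classify_trust(local, partner, direction, trust_type, attrs)
        # Outbound (2) or two-way (3): the local domain is the trusting side.
        if kind in ("external", "forest", "realm") and direction in (2, 3):
            flagged.append((partner, kind, way))
    return flagged


LOCAL = "corp.example.com"     # constructed local domain name
SAMPLE = [                     # (partner, trustDirection, trustType, trustAttributes)
    ("example.com", 3, 2, 0x20),
    ("research.example.io", 3, 2, 0x20),
    ("partner.example.net", 2, 2, 0x08),
    ("legacy.example.org", 1, 2, 0x00),
    ("UNIX.EXAMPLE.EDU", 3, 3, 0x01),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec[0], classify_trust(LOCAL, *rec))
    print("review:", review_list(LOCAL, SAMPLE))
```
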
So, that was all for a basic understanding of Active Directory trusts.