1
00:00:06,430 --> 00:00:14,590
The initial slide shows the AD DS environment, which consists of a simulated AD DS forest with two domain

2
00:00:14,590 --> 00:00:19,960
trees, adatum.com and fabrikam.com.

3
00:00:19,960 --> 00:00:29,110
The two child domains, eu.adatum.com and esp.fabrikam.com, are physically located

4
00:00:29,110 --> 00:00:36,640
in the same city in Spain. Frequent resource sharing exists between these two AD DS domains. The parent

5
00:00:36,640 --> 00:00:44,860
AD DS domains, adatum.com and fabrikam.com, exist in North American cities. Although transitive

6
00:00:44,890 --> 00:00:54,040
trust relationships exist between all the AD DS domains in the AD DS forest, no direct authentication

7
00:00:54,370 --> 00:01:01,890
link exists between eu.adatum.com and esp.fabrikam.com.

8
00:01:01,990 --> 00:01:05,200
So let's review the slides. On the first slide,

9
00:01:05,230 --> 00:01:12,920
the slide depicts the authentication process that is required when a user from client computer CL1

10
00:01:12,940 --> 00:01:18,430
wishes to access a file on file server D.

11
00:01:18,460 --> 00:01:27,820
An arrow is shown from eu.adatum.com to esp.fabrikam.com. On the second slide,

12
00:01:27,820 --> 00:01:36,100
Client 1 contacts the local AD DS domain controller, and this domain controller refers Client 1 to

13
00:01:36,220 --> 00:01:44,950
the AD DS domain controller 2 that is next in line. On the third slide, the AD DS domain controller

14
00:01:44,950 --> 00:01:54,450
2 refers Client 1 to AD DS domain controller 3 in fabrikam.com. On the fourth slide, the

15
00:01:54,460 --> 00:02:03,360
AD DS domain controller 3 refers Client 1 to AD DS domain controller 4 in esp.fabrikam.com.

16
00:02:03,400 --> 00:02:05,650
On the fifth slide,

17
00:02:05,650 --> 00:02:14,190
Client 1 uses the ticket that AD DS domain controller 4 issued to contact the file server

18
00:02:14,190 --> 00:02:23,980
in esp.fabrikam.com. And on the sixth slide, it is depicted as a shortcut trust that is established

19
00:02:23,980 --> 00:02:33,040
between esp.fabrikam.com and eu.adatum.com. With a shortcut trust established, Client

20
00:02:33,040 --> 00:02:38,460
1 receives a ticket from the local AD DS domain controller 1.

21
00:02:38,530 --> 00:02:46,400
Now it can contact AD DS domain controller 4 in the esp.fabrikam.com AD DS domain

22
00:02:46,810 --> 00:02:51,430
and then receives a ticket to access file server D.

23
00:02:51,580 --> 00:02:59,080
So in this scenario, without the shortcut trust in place, several communications must travel to North

24
00:02:59,080 --> 00:03:07,780
America and back. The network link might not be fast or 100 percent reliable, or it could be expensive.

25
00:03:07,900 --> 00:03:12,450
Therefore, the shortcut trust improves performance in more than one way.

26
00:03:12,490 --> 00:03:20,110
So when you set up trusts between domains within the same forest, across forests, or with an external

27
00:03:20,110 --> 00:03:28,820
realm, information about this trust, such as transitivity and type, is stored in Active Directory. A

28
00:03:28,840 --> 00:03:31,080
trusted domain object stores

29
00:03:31,090 --> 00:03:36,790
this information. This domain object is created and stored in the System container

30
00:03:36,790 --> 00:03:45,550
in AD DS whenever you set up a trust. How trusts enable users to access resources in a forest:

31
00:03:45,550 --> 00:03:47,750
Let's recap the previous slides.

32
00:03:47,860 --> 00:03:54,550
So when a user in a domain attempts to access a shared resource in another domain in the forest, the

33
00:03:54,550 --> 00:04:03,000
user's computer first contacts a domain controller in its domain to request a session ticket to the resource.

34
00:04:03,280 --> 00:04:06,670
Because the resource is not in the user's domain,

35
00:04:06,670 --> 00:04:12,260
the domain controller must determine whether a trust exists with the target domain.

36
00:04:12,430 --> 00:04:18,790
The domain controller can use the trusted domain object to verify that the trust exists.

37
00:04:18,790 --> 00:04:25,780
However, to access the resource, the client computer must communicate with a domain controller in each

38
00:04:25,780 --> 00:04:28,450
domain along the trust path.

39
00:04:28,450 --> 00:04:35,200
The domain controller in the client computer's domain refers the client computer to a domain controller

40
00:04:35,500 --> 00:04:39,020
in the next domain along the trust path.

41
00:04:39,040 --> 00:04:46,780
If that is not the domain where the resource is located, the domain controller refers the client computer

42
00:04:46,780 --> 00:04:49,730
to a domain controller in the next domain.

43
00:04:49,750 --> 00:04:56,230
Eventually, the client computer is referred to a domain controller in the domain where the resource is

44
00:04:56,230 --> 00:05:02,200
located, and the client is issued a session ticket to access the resource.

45
00:05:02,290 --> 00:05:10,960
The trust path is a shorter path through the trust hierarchy. In a forest in which only the default trusts

46
00:05:10,960 --> 00:05:12,220
are configured,

47
00:05:12,220 --> 00:05:20,200
the trust path goes up the domain tree to the forest root domain and then down the domain

48
00:05:20,200 --> 00:05:22,270
tree to the target domain.

49
00:05:22,570 --> 00:05:30,340
If shortcut trusts are configured, the trust path might be a single hop from the client computer domain

50
00:05:30,610 --> 00:05:33,300
to the domain that contains the resource.