1 00:00:07,000 --> 00:00:12,340 In the previous lesson we've talked about how trusts work in a forest. 2 00:00:12,340 --> 00:00:16,770 Now let's talk about how trusts work between forests. 3 00:00:16,840 --> 00:00:24,040 Let's open up Active Directory Domain and trusts and see where you can create a new trust relationship 4 00:00:24,040 --> 00:00:26,650 and how you can choose different types. 5 00:00:26,650 --> 00:00:29,320 For example forest and domain. 6 00:00:29,650 --> 00:00:37,690 So if the ADA this environment contains more than one forest it's possible to set up trust relationships 7 00:00:37,990 --> 00:00:46,330 between the Active Directory Forest Road domains this Forest Trust can be forest wide trusts or selective 8 00:00:46,330 --> 00:00:47,160 trusts. 9 00:00:47,230 --> 00:00:54,770 Forest Trust can be one way or two way forest trusts are also translated for domains in each domain. 10 00:00:54,850 --> 00:01:02,980 In each forests or forest trust relationship allows users who are authenticated by a domain in one forest 11 00:01:03,280 --> 00:01:11,950 to access resources that are in a domain in the other forest provided that they have been granted access 12 00:01:11,950 --> 00:01:12,780 rights. 13 00:01:12,850 --> 00:01:20,400 If the Forest Trust is one way domain controllers in the trust and forest can provide session ticket 14 00:01:20,680 --> 00:01:29,080 to users in any domain in the trusted Forest Forest trusts are significantly easier to establish maintain 15 00:01:29,110 --> 00:01:36,220 and administer than separate trust relationships between each of the domains in the forest. 16 00:01:36,220 --> 00:01:44,500 Forest trusts are particulary useful in scenarios that involve growth or organisation collaboration. 17 00:01:44,500 --> 00:01:53,710 Mergers and acquisitions or within a single organization that has more than one forest in which to isolate 18 00:01:53,800 --> 00:02:01,480 Active Directory data and services Forest Trust are also useful for application service providers for 19 00:02:01,750 --> 00:02:11,170 collaborative business extroverts and for organizations that want to that want a solution for administrative 20 00:02:11,260 --> 00:02:12,310 autonomy. 21 00:02:12,310 --> 00:02:16,510 Let's take a look at Forest Trust's benefits. 22 00:02:16,510 --> 00:02:26,190 The first benefit is simplified management of resources across two Windows Server 2008 or newer forest 23 00:02:26,200 --> 00:02:32,500 by reducing the number of external trust necessary to share resources. 24 00:02:32,500 --> 00:02:39,480 The second benefit is complete two way trust relationships with every demand in each forest. 25 00:02:39,490 --> 00:02:47,410 The next benefit is use of European authentication and growth to forests and other benefit is use of 26 00:02:47,410 --> 00:02:56,310 the carbon price version 5 protocol to improve the trust versus ness of authentication data that transfers 27 00:02:56,320 --> 00:02:57,850 between forests. 28 00:02:57,850 --> 00:03:06,310 Another benefit is flexibility of administration administrative tasks can be unique for each forest. 29 00:03:06,340 --> 00:03:11,070 You can create a Forest Trust only between two aided years forests. 30 00:03:11,140 --> 00:03:15,970 You cannot extend the trust implicitly to a third forest. 31 00:03:15,970 --> 00:03:22,810 This means that if you create a Forest Trust between forest one and forest two you can create a Forest 32 00:03:22,810 --> 00:03:26,150 Trust between forest 2 and forestry. 33 00:03:26,200 --> 00:03:30,830 Forest 1 does not have an implicit trust with Forest 3. 34 00:03:30,940 --> 00:03:35,560 So forest trusts are not transitive between multiple forests. 35 00:03:35,650 --> 00:03:43,090 You must address several requirements before you can implement a forest trust including ensuring that 36 00:03:43,090 --> 00:03:53,350 the forest functional level is Windows Server 2003 or newer and that DNS name resolution exists between 37 00:03:53,350 --> 00:03:54,210 the forests.