Re: Win2k3/IIS Kerberos challenges



Hi Jason.

Kerberos and delegation do not work through a one-way trust. You'll
need a two-way transitive trust (one forest) or a two-way transitive forest
trust (both forests must be in Windows 2003 mode).

If you wonder what negotiation and authentication goes on, try to use
Network Monitor or similar to capture and analyze the traffic.

Hope this helps,

Morten Skrubbeltrang
GrubleTrang Corporation
http://GrubleTrang.com
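
What to look for in such a capture, as an added example that is not part of the original post: the sketch below classifies the token in an HTTP `Authorization` or `WWW-Authenticate` header as NTLM or Kerberos, which shows whether the client fell back to NTLM. The function names and the sample tokens are constructed for illustration, and the check is a byte-pattern heuristic rather than a full ASN.1 parse.

```python
import base64
from collections import Counter

# DER-encoded mechanism OIDs as they appear inside a SPNEGO token.
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
OID_SPNEGO = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10
NTLM_SIG = b"NTLMSSP\x00"  # every NTLM message starts with this signature


def classify(header_value):
    """Classify the value of an Authorization or WWW-Authenticate header."""
    scheme, _, b64 = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("negotiate", "ntlm"):
        return "other"
    if not b64.strip():
        return scheme + "-offer"  # bare scheme in a 401: the server offers it
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "malformed"
    # NTLM is sent either raw or as the mechToken inside a SPNEGO wrapper.
    if NTLM_SIG in token:
        return "ntlm"
    if OID_KRB5 in token or OID_MS_KRB5 in token:
        return "kerberos"
    return "unknown"


def summarize(header_values):
    """Count how many captured headers fall into each class."""
    return Counter(classify(v) for v in header_values)


def _hdr(scheme, raw):
    return scheme + " " + base64.b64encode(raw).decode("ascii")


# Constructed sample headers; the tokens are truncated and carry no real ticket.
SAMPLES = [
    "Negotiate",
    _hdr("Negotiate", b"\x60\x82\x04\x00" + OID_SPNEGO + b"\xa0\x30"
         + OID_MS_KRB5 + OID_KRB5 + OID_NTLM + b"\x6e\x82"),
    _hdr("Negotiate", NTLM_SIG + b"\x01\x00\x00\x00"),
    _hdr("NTLM", NTLM_SIG + b"\x01\x00\x00\x00"),
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(classify(value), value[:40])
```

A `Negotiate` header classified as `ntlm` means the client did not present a Kerberos ticket for that request.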
