4.0 Trust Relationship of Domains in the Forest

A trust is used to allow users of one domain to access resources from another domain. Trusts are automatically created within an eDirectory tree when domains are created. For authentication and name lookups to work across domains, a trust relationship must be created between the domains. The trust relationship includes a shared secret that can be used for both Kerberos and NTLM authentication, along with information that is used to support name resolution.

Domains can have trust relationships to other domains, which permit a user in one domain to be authenticated to another. These relationships are manifested as shared secrets between the two domains. Trust relationships are automatic (and transitive) within a forest; they can also be explicitly created to external domains or forests.

For more details about the kinds of trusts and setting up trusts, see Managing Trust Relationships in Domain Services for Windows in the OES 11 SP2: Domain Services for Windows Administration Guide.