jb said:
Can anyone point me to literature or tell me the pros and cons for
connecting 2 ad domains. One via a forest trust the other a second tree in
a forest.
I don't know about literature in specific, but you can certainly
find this by searching the MS website. However it is really
quite simple to see the main differences:
1) Forest trusts have several requirements and only a limited
extra features:
a) Both Forests (all domains) must use strictly Win2003 DCs
only and the Forests must be in "Win2003 forest functional level."
b) it can be one way or two way (if that helps)
c) it allows joining forests "after the fact" (after the domains were
created)
d) Are SEMI-transitive*
2) Trees in a single forest were already available in Win2000 and
require nothing special (mode or levels) to make them work.
a) trusts are automatical, two way (nothing to do, but must be 2-way)
b) don't require Win2003 or any special mode/level
c) MUST be created this way when you install the domains
d) are FULLY transitive*
* Most documentation describes "forest trusts" as "transitive" but this
is an incomplete specification. Forest trusts are transitive to all domains
within each of the TWO forests but are NOT transitive from one forest
through another to a third forest, thus "semi-transitive" is more accurate.
[/QUOTE]
