TechTutorials - Free Computer Tutorials  

A Brief Introduction to Domains and Trusts 

Added: 01/09/2000
By Brian Talbert

Domain Overview
Windows NT Domains provide a mechanism to logically group resources. In addition, domains centralize administration and security. A domain can be compared to an exclusive neighborhood. This neighborhood, call it Pleasantville, is surrounded by a high security fence, and the only point of entrance is a guarded gate. The guard permits passage only to residents or authorized visitors. All residents of Pleasantville are grouped logically by virtue of their address and can be identified as residents of the community by examining their address. And since all residents must pass through one guarded gate, security is centralized: identification and residence are verified at that single point.

When you log on to your computer, you are passing through the guarded gate. Your user name and password are authenticated against information stored in a Domain Controller, a special server on your NT network. The domain controller is similar to the guard station. It contains the domain security database. If the credentials you provide prove that you are a member of the domain, then you are permitted access and the logon procedure completes. If, however, your credentials cannot be verified, then the logon procedure halts and you are not permitted to use the computer until you can provide valid credentials.

Multiple Domains
Take the scenario one step further. Imagine that Pleasantville enters into an agreement with a similar nearby community, Lakeshore, a lovely, secure community providing free boat rentals to all residents. The agreement allows all residents of Pleasantville to use the boating facilities of Lakeshore just as if they were residents of the neighborhood. To access the dock, Pleasantville residents must pass through the Lakeshore guard station and provide identification as Pleasantville residents. In this scenario, Lakeshore trusts the residents of Pleasantville to enter their secure neighborhood and share their boating facilities.

Windows NT provides similar functionality. Multiple domains can exist on the same network and you can interact through these trust relationships. Usually, these relationships are transparent to you, the end user. You simply log on to your domain. Later, when you attempt to access a resource located in another domain, your credentials will be transparently passed to the domain controller for the other domain. If your credentials pass, you will be permitted access to the resource; otherwise access will be denied.

Master Domains
There are a variety of ways in which domain trusts can be established. Trusts can be established mutually between two domains (a two-way trust); however, one domain can also trust another without a reciprocating trust (a one-way trust). Users can exist in all, some, or just one domain. The case where users exist in one domain while resources exist in another is called the Master Domain model. The domain that contains the users is called the Master Domain. The other domains are typically referred to as the resource domains. Resources that you will often find in these domains include your workstation (computer account), printers, and server-related resources.

Going back to the scenario, suppose that Pleasantville was, instead, engaged in an agreement with a private yacht club. This agreement allows Pleasantville residents complimentary privileges at the club. In addition, Pleasantville may choose to establish similar agreements with a health club and a golf club. In this case Pleasantville would be considered something like the Master Domain and each of the clubs would be a Resource Domain (since people don't typically live in such clubs).

The NT Terminology
When these relationships are discussed in Windows NT, the terminology used keeps with the concept of relationships of trust. If you keep in mind the scenarios we've discussed, the terminology should be fairly straightforward.

In our scenario, think about who is doing the trusting. In the case of the relationship between the golf club and Pleasantville, for instance, it is the golf club that must trust the residents of Pleasantville. Pleasantville is trusted by the golf club. The golf club is trusting of Pleasantville.

You will often see these relationships represented by diagrams. For instance:

It is important to become familiar with this method of representing trusts as many Microsoft exams will require knowledge of trust relationships and these relationships are often described only using such diagrams.

There are a few tips for remembering the terms and the diagrams. For remembering the diagrams, just remember "Trusted gets the arrowhead". For remembering the terms, remember that the trusTED domain is where your users are, in this case a user named TED. The trusTING domain is where the "T'INGS" are that TED wants.
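
The trust direction described above, as an added example that is not part of the original article: a small Python model that stores each one-way trust as "trusting domain accepts accounts from trusted domain" and checks a logon against it. The class, the user names and the rule that only a direct trust is honoured are assumptions of this example; the domain names come from the article's analogy.

```python
# Added illustration: a toy model of one-way NT domain trusts.
# Domain names follow the article's analogy; user names are constructed.
class TrustMap:
    def __init__(self):
        self.trusts = {}     # trusting domain -> set of trusted domains
        self.accounts = {}   # domain -> set of user accounts held there

    def add_trust(self, trusting, trusted, two_way=False):
        """Record that `trusting` accepts accounts from `trusted`."""
        self.trusts.setdefault(trusting, set()).add(trusted)
        if two_way:          # a two-way trust is two one-way trusts
            self.trusts.setdefault(trusted, set()).add(trusting)

    def add_account(self, domain, user):
        self.accounts.setdefault(domain, set()).add(user)

    def can_authenticate(self, user, account_domain, resource_domain):
        """True if resource_domain will accept this account's credentials."""
        if user not in self.accounts.get(account_domain, ()):
            return False     # no such account: the logon halts
        if account_domain == resource_domain:
            return True      # local logon, no trust involved
        # Assumption of this model: only a direct trust is honoured.
        return account_domain in self.trusts.get(resource_domain, ())

    def diagram(self):
        """One line per trust; the arrowhead points at the trusted domain."""
        return sorted(f"{a} ---> {b}"
                      for a, ts in self.trusts.items() for b in ts)

    def master_domains(self):
        """Account domains trusted by every other domain that trust nobody."""
        domains = set(self.trusts) | set(self.accounts)
        for ts in self.trusts.values():
            domains |= ts
        return sorted(d for d in domains
                      if self.accounts.get(d) and not self.trusts.get(d)
                      and all(d in self.trusts.get(o, ())
                              for o in domains - {d}))

def build_example():
    """Pleasantville as Master Domain, three clubs as resource domains."""
    m = TrustMap()
    for club in ("YachtClub", "HealthClub", "GolfClub"):
        m.add_trust(trusting=club, trusted="Pleasantville")
    m.add_account("Pleasantville", "ted")   # TED lives in the trusTED domain
    m.add_account("GolfClub", "caddy")      # constructed local account
    return m
```

Reading `diagram()` output against `can_authenticate()` shows why direction matters when reviewing trusts: access flows against the arrow, from the trusted domain's accounts into the trusting domain's resources.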
