>Explain about Trust in AD ?
To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created.
The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests or non-AD domains.
Trusts in Windows 2000 (native mode)
One-way trust – One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.
Two-way trust – Two domains allow access to users on both domains.
Trusting domain – The domain that allows access to users from a trusted domain.
Trusted domain – The domain that is trusted; whose users have access to the trusting domain.
Transitive trust – A trust that can extend beyond two domains to other trusted domains in the forest.
Intransitive trust – A one way trust that does not extend beyond two domains.
Explicit trust – A trust that an admin creates. It is not transitive and is one way only.
Cross-link trust – An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.
Windows 2000 Server – supports the following types of trusts:
Two-way transitive trusts.
One-way intransitive trusts.
Additional trusts can be created by administrators. These trusts can be:
>What is tombstone lifetime attribute ?
The number of days before a deleted object is removed from the directory services. This assists in removing objects from replicated servers and preventing restores from reintroducing a deleted object. This value is in the Directory Service object in the configuration NIC.
>What are application partitions? When do I use them ?
AN application diretcory partition is a directory partition that is replicated only to specific domain controller.Only domain controller running windows Server 2003 can host a replica of application directory partition.
Using an application directory partition provides redundany,availability or fault tolerance by replicating data to specific domain controller pr any set of domain controllers anywhere in the forest.
>How do you create a new application partition ?
Use the DnsCmd command to create an application directory partition.
To do this, use the following syntax:
DnsCmd ServerName /CreateDirectoryPartition FQDN of partition
>How do you view all the GCs in the forest?
C:\>repadmin /showreps domain_controller where domain_controller is the DC you want to query to determine whether it?s a GC.
The output will include the text DSA Options: IS_GC if the DC is a GC.
>Can you connect Active Directory to other 3rd-party Directory Services? Name a few options.
Yes, you can use dirXML or LDAP to connect to other directories.
In Novel you can use E-directory.