Clarification of a statement from the 70-294 book... Regarding multiple forests...

Discussion in 'Active Directory Exams' started by steveh2001, Feb 26, 2012.

  1. steveh2001

    steveh2001 Byte Poster

    Hi guys

    Hope you can help with this, as to me it sounds wrong, but I might be mis-understanding...

    As far as I know, if you have multiple domains in a single forest, whether it be child domains or a new domain tree, there is a transitive trust, and when a user logs on, they will see the domains in the "log on to" box. If you have multiple forests without a trust, there will be no link and the "log on to" box will not have the other domains within the forest.

    However a statement in the 70-294 book regarding implications of creating multiple forests states:

    "User Logon: Unless a forest trust is created, when a user logs on to a computer outside his or her own forest, he or she must specify the default UPN, which contains the full domain path for the user account, rather than just the easy-to-remember abstracted UPN."

    Fair enough about the other forests DC's not knowing about the shortened UPN, but my problem understanding is, how can the user log on to another computer outside their forest with THEIR NORMAL domain account in the first place? As the statement above implies no trust??

    Hope for some advice/clarification!

    Certifications: A+,N+,CommVault,MCSA/MCSE 2003,VCP 4.1.
    WIP: ?

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.