Clarification of a statement from the 70-294 book... Regarding multiple forests...

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi guys

Hope you can help with this, as to me it sounds wrong, but I might be mis-understanding...

As far as I know, if you have multiple domains in a single forest, whether it be child domains or a new domain tree, there is a transitive trust, and when a user logs on, they will see the domains in the "log on to" box. If you have multiple forests without a trust, there will be no link and the "log on to" box will not have the other domains within the forest.

However a statement in the 70-294 book regarding implications of creating multiple forests states:

"User Logon: Unless a forest trust is created, when a user logs on to a computer outside his or her own forest, he or she must specify the default UPN, which contains the full domain path for the user account, rather than just the easy-to-remember abstracted UPN."

Fair enough about the other forests DC's not knowing about the shortened UPN, but my problem understanding is, how can the user log on to another computer outside their forest with THEIR NORMAL domain account in the first place? As the statement above implies no trust??

Hope for some advice/clarification!

Thanks!
Steve