Information on the Transitivity of a Kerberos Realm Trust (260123)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
This article was previously published under Q260123 SUMMARY
This article discusses the transitivity of a trust formed between a Microsoft Windows 2000 domain and a Kerberos realm.
MORE INFORMATION
When you create a trust between a Windows 2000 domain and a Kerberos realm, that trust is non-transitive. This means that only clients and servers that are in the immediate domain of the trust object can use this trust. Child domains are not able to use the trust.
In order for child domains to use the trust object, you must change the trust object from non-transitive to transitive. You can do this with the Netdom.exe tool found in the Windows 2000 Resource Kit. You can change a specific trust to be transitive by using the "netdom trust" and "transitive:yes" options.
| Modification Type: | Minor | Last Reviewed: | 1/26/2006 |
|---|
| Keywords: | kbhowto KB260123 |
|---|
|