Hi Steve:
Couple of things:
* There is only one Enterprise Administrator and one Schema Administrator
per forest.
> One group but multiple users can be members
* Even though most of the AD is multi-master, the FSMO roles aren't. The PDC
role owner is responsible for password change replication, and there is one
per forest.
> One PDC per Domain as well as the Infrastructure, and RID FSMOs.
* Within a forest, trusts are Kerberos, bi-directional, transitive, and
automatic. Between forests, trusts are NTLM, at the roots only, and are
manual (like NT4).
> NTLM Trusts can be from any domain.
Hope this helps.
Don Tuer
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
