You're right. I was trying to answer too quickly before a flight took off
and I got a couple things wrong here.
_______________________________________________________
Steve Riley
Microsoft Communications Consulting in Denver, Colorado
-----Original Message-----
From: Don Tuer [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 27, 2000 5:37 PM
To: Steve Riley (MCS); 'avishver'; [EMAIL PROTECTED]
Subject: RE: WIN2000 AD
Hi Steve:
Couple of things:
* There is only one Enterprise Administrator and one Schema Administrator
per forest.
> One group but multiple users can be members
* Even though most of the AD is multi-master, the FSMO roles aren't. The PDC
role owner is responsible for password change replication, and there is one
per forest.
> One PDC per Domain as well as the Infrastructure, and RID FSMOs.
* Within a forest, trusts are Kerberos, bi-directional, transitive, and
automatic. Between forests, trusts are NTLM, at the roots only, and are
manual (like NT4).
> NTLM Trusts can be from any domain.
Hope this helps.
Don Tuer