Hello,

 Thank you for your useful answers.

 I was also concerned about security aspects:
  - Is there some info. about the whole organization
     that will reside in each sub. PDC because it is one forest?
  - Can a talented administrator in one sub. gain undesired access/info.
     about other sub. or the whole organization because it is one forest?

 Thanks

 avi shvartz


At 09:59 28/11/00 -0800, you wrote:
>You're right. I was trying to answer too quickly before a flight took off
>and I got a couple things wrong here.
>
>_______________________________________________________
>Steve Riley
>Microsoft Communications Consulting in Denver, Colorado
>
>
>-----Original Message-----
>From: Don Tuer [mailto:[EMAIL PROTECTED]]
>Sent: Monday, November 27, 2000 5:37 PM
>To: Steve Riley (MCS); 'avishver'; [EMAIL PROTECTED]
>Subject: RE: WIN2000 AD
>
>
>Hi Steve:
>
>Couple of things:
>
>* There is only one Enterprise Administrator and one Schema Administrator
>per forest.
>
>> One group but multiple users can be members
>
>* Even though most of the AD is multi-master, the FSMO roles aren't. The PDC
>role owner is responsible for password change replication, and there is one
>per forest.
>
>> One PDC per Domain as well as the Infrastructure, and RID FSMOs.
>
>* Within a forest, trusts are Kerberos, bi-directional, transitive, and
>automatic. Between forests, trusts are NTLM, at the roots only, and are
>manual (like NT4).
>
>> NTLM Trusts can be from any domain.
>
>Hope this helps.
>
>Don Tuer
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>
