Securing Domain and Forest Trusts
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
When you create a new trust in an existing Active Directory forest, all communications over that trust are tightly secured. However, when you create a trust between your domain and another domain outside your forest, there are certain security issues involved. For example, you might need to configure security identifier (SID) filtering to deny one domain the right to provide credentials for another domain. You can enable or disable SID filtering for external trusts or forest trusts.
The following tasks for securing domain and forest trusts are described in this objective:
For more information about how the security settings for domain and forest trusts work, see "Security Considerations for Trusts" in the Windows Server 2003 Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=35413).