Introduction

Applies To: Windows Server 2003 with SP1

The concept of the Active Directory forest was introduced in versions of Microsoft Windows 2000, and it was presumed that most organizations would deploy a single forest that spanned the entire organization. However, many organizations deploy multiple forests. In addition, collaboration might be required across forests in different organizations. When this occurs, establishing an external trust relationship requires an enormous amount of management and does not use the newest technological advances.

Windows Server 2003 introduces the forest trust to make multiple-forest deployments easier. A forest trust allows administrators to federate two Active Directory forests with a single trust relationship, providing a seamless authentication and authorization experience across the forests. This white paper describes common scenarios in which you can deploy forest trusts, the basic concepts behind forest trusts, and the technologies included with Windows Server 2003 that enable these multiple-forest deployments.

Note

This document refers to features that are included with Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. These features are not included on computers that are running the Windows Server 2003, Web Edition operating system.