Best Practices for Domain and Forest Trusts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The following best practices are proven to increase availability, ensure trouble-free operations, or ease administration when you use them to administer domain and forest trusts:

When your forest contains domain trees with many child domains and you observe noticeable user authentication delays between the child domains, you can optimize the user authentication process between the child domains by creating shortcut trusts to mid-level domains in the domain tree hierarchy.

For more information, see When to create a shortcut trust on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42644).

Keep a current list of trust relationships for future reference.

You can use the Nltest.exe tool to display and record a list of these trusts. For more information, see "Nltest.exe: NLTest Overview" in the Windows Server 2003 Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42642).

Perform regular backups of domain controllers to preserve all trust relationships within a particular domain.

For more information, see Back up system state.