Microsoft KB Archive/260123

= Information on the Transitivity of a Kerberos Realm Trust =

Article ID: 260123

Article Last Modified on 2/28/2007


APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q260123



SUMMARY
This article discusses the transitivity of a trust formed between a Microsoft Windows 2000 domain and a Kerberos realm.



MORE INFORMATION
When you create a trust between a Windows 2000 domain and a Kerberos realm, that trust is non-transitive. This means that only clients and servers that are in the immediate domain of the trust object can use this trust. Child domains are not able to use the trust.

In order for child domains to use the trust object, you must change the trust object from non-transitive to transitive. You can do this with the Netdom.exe tool found in the Windows 2000 Resource Kit. You can change a specific trust to be transitive by using the "netdom trust" and "transitive:yes" options.
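The change described above, as an added example that is not part of the original article: a batch script that reports the current transitivity of a realm trust, sets it to transitive, and confirms the result. The domain and realm names are constructed placeholders; the value-less /transitive query and the non-zero exit code on failure are assumptions based on later Netdom.exe versions and may differ in the Windows 2000 Resource Kit build.

```batch
@echo off
rem Added example. Names below are constructed placeholders, not values from the article.
setlocal
set "TRUSTING_DOMAIN=corp.example.com"
set "KERBEROS_REALM=REALM.EXAMPLE.COM"

rem With no value, /transitive only reports the current setting of the realm trust
rem (assumption: behaviour of later Netdom.exe versions).
netdom trust %TRUSTING_DOMAIN% /domain:%KERBEROS_REALM% /transitive
if errorlevel 1 (
    rem Assumption: netdom returns a non-zero exit code when the operation fails.
    echo Could not query the trust object. Nothing was changed.
    exit /b 1
)

rem Make the realm trust transitive so that child domains of TRUSTING_DOMAIN can use it.
rem This widens the trust from the immediate domain to every child domain below it.
netdom trust %TRUSTING_DOMAIN% /domain:%KERBEROS_REALM% /transitive:yes
if errorlevel 1 (
    echo Failed to set the trust to transitive.
    exit /b 1
)

rem Confirm the new state. To return to the default scope, rerun with /transitive:no.
netdom trust %TRUSTING_DOMAIN% /domain:%KERBEROS_REALM% /transitive
endlocal
```

Run it from an account that is allowed to modify the trust object in the trusting domain.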


© Microsoft Corporation. All rights reserved.