<Dd> A one - way trust used by Microsoft Identity Manager from a (possibly low - level) production forest to a (Windows Server 2016 functionality level)' bastion' forest, which issues time - limited group memberships . </Dd> <P> Windows Server 2003 introduced the forest root trust . This trust can be used to connect Windows Server 2003 forests if they are operating at the 2003 forest functional level . Authentication across this type of trust is Kerberos - based (as opposed to NTLM). </P> <P> Forest trusts are transitive for all the domains the trusted forests . However, forest trusts are not transitive between forests . </P> <P> Example: Suppose that a two - way transitive forest trust exists between the forest root domains in Forest A and Forest B, and another two - way transitive forest trust exists between the forest root domains in Forest B and Forest C. Such a configuration lets users in Forest B access resources in any domain in either Forest A or Forest C, and users in Forest A or C can access resources in any domain in Forest B. However, it does not let users in Forest A access resources in Forest C, or vice versa . To let users in Forest A and Forest C share resources, a two - way transitive trust must exist between both forests . </P>

Active directory and file server on same server