two-way transitive trust

Definition of two-way transitive trust in The Network Encyclopedia.

What is Two-way transitive trust?

Two-way transitive trust is a trust relationship between two domains in Microsoft Windows 2000. By default, a Windows 2000 trust is two-way, meaning that each domain trusts the authority of the other domain for authentication. A Windows 2000 trust is also transitive - if domain A trusts domain B and domain B trusts domain C, domain A trusts domain C. Windows 2000 two-way transitive trusts are based on the Kerberos v5 security protocol.

Because of the two-way transitive nature of Windows 2000 trusts, all domains in a domain tree implicitly trust each other. This means that resources of one domain are available to users in all other domains in the domain tree if they have suitable permissions.


You can also create one-way nontransitive trusts for Windows 2000–based networks. These one-way trusts are similar to the trust relationships formed by Microsoft Windows NT domain controllers. A one-way trust between a domain and a domain tree provides users of the domain with access only to the domain in the tree to which it is joined. One-way trusts can be useful when domains require a less permanent relationship - for example, when two companies take part in a joint venture. Only the resources needed by the other company are made available to the trusted domain; the entire domain tree is not exposed.

See also: