Compartir a través de


When to create a shortcut trust

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

When to create a shortcut trust

Shortcut trusts are one-way or two-way, transitive trusts that can be used when administrators need to optimize the authentication process. Authentication requests must first travel a trust path between domain trees, and in a complex forest this can take time, which can be reduced with shortcut trusts. A trust path is the series of domain trust relationships that must be traversed in order to pass authentication requests between any two domains. For more information about trust paths, see Trust direction.

Shortcut trusts are necessary when many users in a domain regularly log on to other domains in a forest. For example, using the following figure as an example, you could form a shortcut trust between domain B and domain D or domain A and domain 1 and so on.

Shortcut trusts in a forest

Shortcut trusts effectively shorten the path traveled for authentication's made between domains located in two separate trees.

For more information about how to create a shortcut trust, see Create a shortcut trust.

Using one-way trusts

A one-way, shortcut trust established between two domains located in separate domain trees can reduce the time needed to fulfill authentication requests, but in only one direction. For example, when a one-way, shortcut trust is established between domain A and domain B, authentication requests made in domain A to domain B can utilize the new one-way trust path. However, authentication requests made in domain B to domain A will still need to travel the longer trust path.

Using two-way trusts

A two-way, shortcut trust established between two domains located in separate domain trees will reduce the time needed to fulfill authentication requests originating in either domain. For example, when a two-way trust is established between domain A and domain B, authentication requests made from either domain to the other can utilize the new, two-way trust path.