Trust relationships in Active Directory enable users in one domain to access and use resources in another domain. For example, users in your sales domain might need to access documents and other resources in the engineering domain.

In Windows 2000 Server, domains in a forest automatically exist in a transitive, two-way trust. For example, if domain A trusts B, and B trusts C, then A trusts C.

In addition, all root domains in a domain tree have a transitive two-way trust with the forest root domain. Ultimately, this means that all domains in the forest have a trust relationship with the other domains in the forest.

You can create two additional explicit trust relationships: external trusts and shortcut trusts. An external trust creates a relationship to a domain outside of the forest, such as a Windows NT domain. External trusts are one-way and nontransitive.

You can also create shortcut trusts, which are two-way, transitive trusts between domains in the same forest. Shortcut trusts shorten the trust path between two domains to improve performance and optimize authentication.

To create a new trust relationship, follow these steps:

1. Open the Active Directory Domains And Trusts console, which you can find in the Administrative Tools folder.

2. Right-click the domain, and select Properties.

3. On the Trusts tab, you'll find a section for trusted domains and asection for trusting domains. Click the Add button in the appropriate area.

4. In the resulting dialog box, specify the remote domain and a password for the trust, and click OK.