NT Gatekeeper: Understanding Interdomain Trust Relationship Limits

Does Windows NT Server 4.0 limit the number of domain trust relationships?

NT Server 4.0 has a practical limit of 128 trust relationships that originate from one domain and a theoretical limit of 256 trusts that originate from one domain. The limiting factor is the Local Security Authority (LSA) secrets, which are private data objects that NT uses to store security information. NT Server 4.0 limits the number of LSA secrets to 256. An outgoing trust relationship consumes one LSA secret for every DC in the domain. Because LSA secrets are also used for other purposes (e.g., to save the passwords for service accounts), Microsoft recommends that you use no more than half of the 256 LSA secrets for interdomain trust relationships.
