Donat Was Here

DonatShell
Server IP : 180.180.241.3 / Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : /Windows/Help/Windows/en-US/
Upload File :
[ HOME SHELL ]
Current File : /Windows/Help/Windows/en-US/domadmin.h1s
MZ@PELà!@0þê@Ô.rsrcÔ@@.its @@€0€	HX||4VS_VERSION_INFO½ïþÚStringFileInfo¶040904b0b!FileVersion1.00.00                         l"FileDescriptionCompiled Microsoft Help 2.0 TitleBFileStamp98AB2A4901CA041F4JCompilerVersion2.5.71210.08579VCompileDate2009-07-14T01:08:28      >TopicCount80000000000000¦ALegalCopyright© 2005 Microsoft Corporation. All rights reserved.CCCCCCCCCCCCCDVarFileInfo$Translation	°tiPI*«˜»ÃšÊ»XITOLITLS(è›XìŒ¡Ù±^
V¿æî`¸  ˜ xˆ˜ÿÿÿÿÿÿÿÿ UÿÿÿÿÿÿÿÿCAOLPHHíC ITSF Ø#ˆ*«˜	þÅO-YìŒ¡Ù±^
V¿æîYìŒ¡Ù±^
V¿æîIFCMÿÿÿÿÿÿÿÿAOLLÍÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿUIFCM ÿÿÿÿÿÿÿÿAOLL¨ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ//$FXFtiAttribute//$FXFtiAttribute/BTREE†ô1È/$FXFtiAttribute/DATA/$FXFtiAttribute/PROPERTY‡¼IN/$FXFtiMain//$FXFtiMain/BTREEƒÔmƒˆ/$FXFtiMain/DATA†Ý•^/$FXFtiMain/PROPERTY†òcN/$Index/$ATTRNAME‡Æ‚/$Index/$PROPBAGŠÖ1/$Index/$STRINGSˆÇC•2/$Index/$SYSTEMŠºA›p
/$Index/$TOC//$Index/$TOC/$domadminŠb/$Index/$TOPICATTR‡¾‡p/$Index/$TOPICSŠ°1Š/$Index/$URLSTR‰ÜuÎ</$Index/$URLTBLŠ«1…/$Index/$VTAIDX‡ÈŸ/$Index/AssetId//$Index/AssetId/$BL0‡ç; /$Index/AssetId/$LEAF_COUNTSˆ‡;/$Index/AssetId/$LEAVESˆ‡CÀ	/$OBJINSTŠbƒÊ/assets/0/assets/0011ec45-8051-41b2-b8ef-30b9161d3223.xmlt¡0/assets/01e41315-a9b3-4f64-95db-f7147bcf1adf.xml¢r0/assets/04c5a443-d7b3-4cc1-932f-c720a8e9cb41.xml²}‘+0/assets/0b564360-4440-4dfb-bcda-a3f20406de88.xmlÄ(³V0/assets/0c97d612-762b-4bba-a158-036c1497446c.xml÷~‘T0/assets/14b8a443-1d98-45a6-b3fa-74b80fc44519.xml‰RŒ0/assets/230ae7d6-352d-41d6-880d-f02052f6996c.xml–Q£0/assets/2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b.xml¹nÊ"0/assets/2e8f3ff1-225c-46e4-9061-e758df8befa4.xml‚„¾'0/assets/36b61c6d-d4b8-4e1e-bd78-db8204285408.xml‚Â7Ê0/assets/471131f7-9aa2-4f3b-ad0b-03caf9a9ea07.xmlƒŒV”0/assets/5378c53f-ef40-4cdd-96a6-911ba6056083.xmlƒ tœL0/assets/574bd0d8-1816-4d1e-bb78-61ffbd84ee34.xmlƒ½@Ä0/assets/6472046a-30dd-4dc9-92e0-450cebdafc90.xml„E®0/assets/6d35ab81-0b60-4425-8c95-46f676d1ea69.xml„Åž0/assets/6e36265c-863a-4f03-92b9-ee994e61b34f.xml„ãý0/assets/7296dc81-0672-4023-9937-c060fd7eef2f.xml…à.0/assets/72bf4a7d-660e-489f-b475-bea95e8d126c.xml…ý6ÒA0/assets/791d01b9-2b81-446f-a4ae-75a5a1241a7e.xml†Ïw—N0/assets/79feb454-7529-4742-9f39-5d6c0696e6c1.xml†çE™0/assets/7a01372b-6eb1-4175-b9ff-8c330a616021.xml‡€V¦n0/assets/80304139-ee6b-43f0-bc4f-6a4196392d4d.xml‡§D¨0/assets/80ae74bb-ccdd-4448-91f3-0038de553d9d.xml‡çQ´f0/assets/828a249f-9fd5-405f-9cd7-0657de4065a4.xmlˆœ7±[0/assets/845f4f62-9231-44f6-ac76-572da9d09321.xmlˆÎÕ0/assets/8c0cd186-a239-454b-9789-cef187236918.xml‰£.¥S0/assets/991d570b-7d58-42bb-ad11-12045ebe1ec5.xml‰Éº0/assets/9e88fe6b-2c8c-4c1a-bc78-21e807eecbba.xmlŠƒ{0/assets/9ef8c5ac-341e-4473-963b-32b67ff58c29.xmlŠº.¬(0/assets/a43bb3e4-77b3-4b2e-adbd-d154b346781a.xmlŠæV¨0/assets/aae18246-025a-44ff-84a5-fccabd63038f.xml‹Žmª'0/assets/c88ba049-2635-4cc8-8f00-76cbeefe18b8.xml‹¹Ž0/assets/d50bbb29-2ae1-4d47-bdb3-dc47efc111cf.xml‹åJ–&0/assets/e1d983b5-7817-4972-b6fa-28c3f8577e69.xml‹ûpª=0/assets/e1ed9885-3d41-4ef4-999a-bfa40d54808e.xmlŒ¦-™l0/assets/fb14e09d-f63b-4341-a8cf-0cad098888c4.xmlŒÀ{0/assets/ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1.xmlŒÐŒ)
/domadmin.h1cŒÜ=Š
/domadmin.H1FŒæU–O
/domadmin.H1T‘Þ-¨O
/domadmin.H1VŒý$„á	/domadmin_AssetId.H1K’†|k/domadmin_BestBet.H1K’‡gk/domadmin_LinkTerm.H1K’ˆRl/domadmin_SubjectTerm.H1K’‰>o/relatedAssets/7/relatedAssets/1f6970c2-62d3-482d-a78a-451d4333f511.gif‡ÏX—y7/relatedAssets/218c5e4d-e17e-4dce-8fa8-d37ff02fe8bb.gifŠ‘œ7/relatedAssets/46681e5b-fb4c-45bf-a19b-990ded5bc71b.gif„¯Y•:7/relatedAssets/722538bd-6535-4406-8c6c-c1e5170c4063.gif‹Ç%ž%7/relatedAssets/938e20ba-8457-4f6c-83a0-e428a15c3e70.gifŠ-::DataSpace/NameList<(::DataSpace/Storage/MSCompressed/Content’Š-‚Ìh,::DataSpace/Storage/MSCompressed/ControlDataT )::DataSpace/Storage/MSCompressed/SpanInfoL/::DataSpace/Storage/MSCompressed/Transform/List<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTable”×X3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/¿Ëß
d
—	„q^K8&CÄSãpUUncompressedMSCompressedFXìŒ¡Ù±^
V¿æî3«LZXCHH<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Troubleshooting Active Directory Domains and Trusts</maml:title><maml:introduction>
<maml:para>This section describes a few issues that you might encounter when you use ActiveÂ Directory Domains and Trusts to manage domains and trusts.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>What problem are you having?</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Clients are not able to access resources in a domain outside the forest</maml:linkText><maml:uri href="mshelp://windows/?id=0011ec45-8051-41b2-b8ef-30b9161d3223#BKMK_1"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>There are trust errors between servers and workstations</maml:linkText><maml:uri href="mshelp://windows/?id=0011ec45-8051-41b2-b8ef-30b9161d3223#BKMK_2"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>There are trust errors between WindowsÂ NTÂ 4.0 domains and Active Directory domains</maml:linkText><maml:uri href="mshelp://windows/?id=0011ec45-8051-41b2-b8ef-30b9161d3223#BKMK_3"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_1">
<maml:title>Clients are not able to access resources in a domain outside the forest.</maml:title><maml:introduction>
<maml:para><maml:phrase>Cause:</maml:phrase>  A failure occurred on the external trust between the domains.</maml:para>

<maml:para><maml:phrase>Solution:</maml:phrase>  Reset and verify the trust between the domains. For a trust to be reset successfully, the domain controller that holds the primary domain controller (PDC) emulator operations master role (also known as flexible single master operations or FSMO) must be available.</maml:para>

<maml:para></maml:para>
</maml:introduction></maml:section>

<maml:section address="BKMK_2">
<maml:title>There are trust errors between servers and workstations.</maml:title><maml:introduction>
<maml:para><maml:phrase>Cause:</maml:phrase>  There is incorrect time synchronization between domain controllers or workstations, the server might be down, or the trust relationship might be broken.</maml:para>

<maml:para><maml:phrase>Solution:</maml:phrase>  Run the command-line tool Netdom to verify, reset, or establish the trust between computers. This command-line tool performs batch management of trusts, verifies trusts, and secures channels between computers. It can also join computers to domains. For more information, see <maml:navigationLink><maml:linkText>Verify a Trust</maml:linkText><maml:uri href="mshelp://windows/?id=574bd0d8-1816-4d1e-bb78-61ffbd84ee34"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section>

<maml:section address="BKMK_3">
<maml:title>There are trust errors between WindowsÂ NTÂ 4.0 domains and Active Directory domains.</maml:title><maml:introduction>
<maml:para><maml:phrase>Cause:</maml:phrase>  Automatic trust password resets for the trust may not reach the PDC emulator master role holder.</maml:para>

<maml:para><maml:phrase>Solution:</maml:phrase>  Run Netdom to verify, reset, or establish trust between computers. This command-line tool performs batch management of trusts, verifies trusts, and secures channels between computers. It can also join computers to domains. If this does not help solve the issue, see article Q317178 in the Microsoft Knowledge Base (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=4441</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=4441"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Active Directory Domains and Trusts</maml:title><maml:introduction>
<maml:para>Active DirectoryÂ® Domains and Trusts is the Microsoft Management Console (MMC) snap-in that you can use to administer domain trusts, domain and forest functional levels, and user principal name (UPN) suffixes.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Domains and Forests</maml:linkText><maml:uri href="mshelp://windows/?id=ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Forest Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=fb14e09d-f63b-4341-a8cf-0cad098888c4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshooting Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=0011ec45-8051-41b2-b8ef-30b9161d3223"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Resources for Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=791d01b9-2b81-446f-a4ae-75a5a1241a7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>User Interface: Active Directory Domains and Trusts</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Raise Forest Functional Level Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=0c97d612-762b-4bba-a158-036c1497446c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change Forest Dialog Box</maml:linkText><maml:uri href="mshelp://windows/?id=c88ba049-2635-4cc8-8f00-76cbeefe18b8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Active Directory Domains and Trusts - UPN Suffixes Tab</maml:linkText><maml:uri href="mshelp://windows/?id=14b8a443-1d98-45a6-b3fa-74b80fc44519"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Domain Properties - Trusts Tab</maml:linkText><maml:uri href="mshelp://windows/?id=e1ed9885-3d41-4ef4-999a-bfa40d54808e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trusts Properties - General Tab</maml:linkText><maml:uri href="mshelp://windows/?id=5378c53f-ef40-4cdd-96a6-911ba6056083"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Trust Properties - Name Suffix Routing Tab</maml:linkText><maml:uri href="mshelp://windows/?id=471131f7-9aa2-4f3b-ad0b-03caf9a9ea07"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>SID Filtering Dialog Box - Securing External Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=2e8f3ff1-225c-46e4-9061-e758df8befa4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Raise the Domain Functional Level</maml:title><maml:introduction>
<maml:para>When you install Active Directory Domain Services (ADÂ DS) on a server running Windows ServerÂ 2008Â R2, a set of basic ActiveÂ Directory features is enabled by default. In addition to the basic ActiveÂ Directory features on individual domain controllers, there are new domain-wide and forest-wide ActiveÂ Directory features available when all domain controllers in a domain or forest are running Windows ServerÂ 2008Â R2.</maml:para>

<maml:para>For the new domain-wide features to be enabled, all domain controllers in the domain must be running Windows ServerÂ 2008Â R2, and the domain functional level must be raised to Windows ServerÂ 2008Â R2.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To raise the domain functional level</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain for which you want to raise functional level, and then click <maml:ui>Raise Domain Functional Level</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Select an available domain functional level</maml:ui>, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To raise the domain functional level to WindowsÂ ServerÂ 2008, click <maml:ui>WindowsÂ ServerÂ 2008</maml:ui>, and then click <maml:ui>Raise</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To raise the domain functional level to Windows ServerÂ 2008Â R2, click <maml:ui>WindowsÂ ServerÂ 2008Â R2</maml:ui>, and then click <maml:ui>Raise</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Do not raise the domain functional level to a later version (such as Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2) if you have or will have any domain controllers running earlier versions of WindowsÂ Server. </maml:para>
</maml:alertSet>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>After you set the domain functional level to a certain value, you cannot roll back or lower the domain functional level, with one exception: when you raise the domain functional level to Windows ServerÂ 2008Â R2 and if the forest functional level is Windows ServerÂ 2008 or lower, you have the option of rolling the domain functional level back to Windows ServerÂ 2008. You can lower the domain functional level only from Windows ServerÂ 2008Â R2 to Windows ServerÂ 2008. If the domain functional level is set to Windows ServerÂ 2008Â R2, it cannot be rolled back, for example, to WindowsÂ ServerÂ 2003. 
</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>You can also raise the domain functional level by right-clicking a domain in the ActiveÂ Directory Users and Computers snap-in, and then clicking <maml:ui>Raise Domain Functional Level</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The current domain functional level is displayed under <maml:ui>Current domain functional level</maml:ui> in the <maml:ui>Raise domain functional level</maml:ui> dialog box.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem><maml:para>You can also perform the task in this procedure by using the ActiveÂ Directory module for WindowsÂ PowerShellâ„¢. To open the Active Directory module, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Module for Windows PowerShell</maml:ui>. For more information, see Raise the Domain Functional Level (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=137825</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=137825"></maml:uri></maml:navigationLink>). For more information about WindowsÂ PowerShell, see WindowsÂ PowerShell (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=102372</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=102372"></maml:uri></maml:navigationLink>).
</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Domains and Forests</maml:linkText><maml:uri href="mshelp://windows/?id=ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Raise Forest Functional Level Dialog Box</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Forest name</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the name of the selected forest. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Current forest functional level</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the current setting of the forest functional level. </maml:para>

<maml:para>After you set this option to a certain value, you cannot roll back or lower the forest functional level, with one exception: when you raise the forest functional level to Windows ServerÂ 2008Â R2 and if ActiveÂ Directory Recycle Bin is not enabled, you have the option of rolling the forest functional level back to Windows ServerÂ 2008. You can lower the forest functional level only from Windows ServerÂ 2008Â R2 to Windows ServerÂ 2008. If the forest functional level is set to Windows ServerÂ 2008Â R2, it cannot be rolled back, for example, to WindowsÂ ServerÂ 2003.
</maml:para>

<maml:para>The functional level of a domain or forest only defines the set of Windows operating systems that can run on domain controllers. It does not define the client operating systems that are supported in the forest. </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Active Directory Domains and Trusts - UPN Suffixes Tab</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Alternative UPN Suffixes</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Provides a space for you to type the name of the alternative user principal name (UPN) suffix. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Add</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to add the alternative UPN suffix. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Remove</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to remove the selected alternative UPN suffix. </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Create a Forest Trust</maml:title><maml:introduction>
<maml:para>Before you create forest trusts between domains, it is important to verify that the Domain Name System (DNS) server in your environment is properly set up and configured to accept future trust relationships. Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic, return to this topic after you review the conceptual topic so that you can proceed with the remaining tasks in this checklist. </maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Task</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Ensure that DNS is set up properly. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Verify a zone delegation using the nslookup command (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92715</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92715"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If there is a root DNS server that can be the root DNS server for both of the forest DNS namespaces, make it the root server by ensuring that the root zone contains delegations for each of the DNS namespaces. Also, update the root hints of all DNS servers with the new root DNS server. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Update root hints on the DNS server (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92717</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92717"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are running a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 operating system, configure DNS conditional forwarders in each DNS namespace to route queries for names in the other namespace.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Configure DNS server forwarders (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92718</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92718"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If there is no shared root DNS server and the root DNS servers for each forest DNS namespace are not running a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 operating system, configure DNS secondary zones in each DNS namespace to route queries for names in the other namespace.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Add a secondary server for an existing zone (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92719</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92719"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Create the forest trust.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=828a249f-9fd5-405f-9cd7-0657de4065a4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create a Shortcut Trust</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to create shortcut trusts.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase>, or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Creating a shortcut trust</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b#BKMK_winui"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b#BKMK_cmd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_winui"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create a shortcut trust using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain node for the domain that you want to establish a shortcut trust with, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, click <maml:ui>New Trust</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Name</maml:ui> page, type the Domain Name System (DNS) name (or NetBIOS name) of the domain, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Direction of Trust</maml:ui> page, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To create a two-way shortcut trust, click <maml:ui>Two-way</maml:ui>.</maml:para>

<maml:para>Users in this domain and users in the specified domain will be able to use this trust path.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way incoming shortcut trust, click <maml:ui>One-way:incoming</maml:ui>.</maml:para>

<maml:para>Users in the specified domain will not be able to use this trust path.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way outgoing shortcut trust, click <maml:ui>One-way:outgoing</maml:ui>.</maml:para>

<maml:para>Users in this domain will not be able to use this trust path.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Continue to follow the instructions in the wizard.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you have the appropriate administrative credentials for each domain, you can create both sides of a shortcut trust at the same time by clicking <maml:ui>Both this domain and the specified domain</maml:ui> on the <maml:ui>Sides of Trust</maml:ui> page. </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_cmd"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create a shortcut trust using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open a command prompt. To open a command prompt, click <maml:ui>Start</maml:ui>, click <maml:ui>Run</maml:ui>, type <maml:userInput>cmd</maml:userInput>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the following command, and then press ENTER: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /add</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>netdom trust</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Manages or verifies the trust relationship between domains.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustingDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name (or NetBIOS name) of the trusting domain in the trust that is being created.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/d:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that the DNS domain name that follows is a trusted domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustedDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name (or NetBIOS name) of the domain that will be trusted in the trust being created.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that a trust be created.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:</maml:para>

<dev:code>netdom trust | more </dev:code>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support. You can verify shortcut trusts, external trusts, and forest trusts, but not realm trusts.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You can use other parameters to assign a password or determine the direction of the trust. For example, to make the trust in this procedure a two-way, transitive trust, use the following syntax: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d: &lt;TrustedDomainName&gt; /add /twoway</dev:code>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>SID Filtering Dialog Box - Securing External Trusts</maml:title><maml:introduction>
<maml:para>To improve the security of ActiveÂ Directory forests, domain controllers running Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 enable security identifier (SID) filtering by default on all new, outgoing, external trusts. When SID filtering is applied to outgoing external trusts, malicious users who have domain-administrator-level access in the trusted domain are more likely to be prevented from grantingâ€”to themselves or to other user accounts in their domainâ€”elevated user rights to the trusting domain.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Understanding the threat</maml:title><maml:introduction>
<maml:para>When SID filtering is not enabled on outgoing external trusts, a malicious user with administrative credentials in the trusted domain may be able to "sniff" network authentication requests from the trusting domain to obtain the SID information of a user, such as a domain administrator, who has full access to resources in the trusting domain.</maml:para>

<maml:para>After obtaining the domain administrator's SID from the trusting domain, a malicious user with administrative credentials can add that SID to a user account's <maml:phrase>SIDHistory</maml:phrase> attribute in the trusted domain and attempt to gain full access to the trusting domain and the resources in that domain. In this scenario, a malicious user who has domain administrator credentials in the trusted domain is a threat to the entire trusting forest. </maml:para>

<maml:para>SID filtering helps neutralize the threat of malicious users in the trusted domain using the <maml:phrase>SIDHistory</maml:phrase> attribute to gain elevated privileges.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>How SID filtering works</maml:title><maml:introduction>
<maml:para>When security principals are created in a domain, the domain SID is included in the security principal's SID to identify the domain in which the security principal was created. The domain SID is an important characteristic of a security principal because the Windows security subsystem uses it to verify the security principal's authenticity.</maml:para>

<maml:para>In a similar fashion, outgoing external trusts that are created from the trusting domain use SID filtering to verify that incoming authentication requests from security principals in the trusted domain contain only the SIDs of security principals in the trusted domain. This is accomplished through a comparison of the SIDs of the incoming security principal to the domain SID of the trusted domain. If any of the security principal SIDs includes a domain SID other than the SID from the trusted domain, the trust removes the offending SID.</maml:para>

<maml:para>SID filtering helps ensure that any misuse of the <maml:phrase>SIDHistory</maml:phrase> attribute on security principals (including inetOrgPerson) in the trusted forest cannot pose a threat to the integrity of the trusting forest.</maml:para>

<maml:para>The <maml:phrase>SIDHistory</maml:phrase> attribute can be useful to domain administrators when they migrate user accounts and group accounts from one domain to another. Domain administrators can add SIDs from an old user account or group account to the <maml:phrase>SIDHistory</maml:phrase> attribute of the new, migrated account. By doing this, domain administrators give the new account the same level of access to resources as the old account.</maml:para>

<maml:para>If domain administrators cannot use the <maml:phrase>SIDHistory</maml:phrase> attribute in this way, they have to track down and reapply permissions for the new account on each network resource that the old account had access to. </maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Impact of SID filtering</maml:title><maml:introduction>
<maml:para>SID filtering on external trusts can affect your existing ActiveÂ Directory infrastructure in the following two areas:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>SID history data that contains SIDs from any domain other than the trusted domain is removed from authentication requests that are made from the trusted domain. This results in access being denied to resources that have the user's old SID.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Your strategy for universal group access control between forests will require changes.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>When you enable SID filtering, users who use SID history data for authorization to resources in the trusting domain no longer have access to those resources.</maml:para>

<maml:para>If you typically assign universal groups from a trusted forest to access control lists (ACLs) on shared resources in the trusting domain, SID filtering has a major impact on your access control strategy. Because universal groups must adhere to the same SID filtering guidelines as other security principal objects (that is, the universal group object SID must also contain the domain SID), verify that any universal groups that are assigned to shared resources in the trusting domain were created in the trusted domain. If the universal group in the trusted forest was not created in the trusted domainâ€”even though it may contain users from the trusted domain as membersâ€”authentication requests from members of that universal group will be filtered and discarded. Therefore, before you assign access to resources in the trusting domain for users in the trusted domain, confirm that the universal group that contains the trusted domain users was created in the trusted domain.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>External trusts that are created from domain controllers running WindowsÂ 2000 Service PackÂ 3 (SP3) or earlier do not enforce SID filtering by default. To further secure your forest, consider enabling SID filtering on all existing external trusts that were created by domain controllers running WindowsÂ 2000Â SP3 or earlier. You can do this by using Netdom.exe to enable SID filtering on existing external trusts or by recreating these external trusts from a domain controller running Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You cannot turn off the default behavior that enables SID filtering for newly created external trusts.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about configuring SID filtering settings (disabling or reapplying them), see Configuring SID Filter Quarantining on External Trusts (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92778</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92778"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Remove a Trust</maml:title><maml:introduction>
<maml:para>You can use the Active Directory Domains and Trust snap-in to remove trusts.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Removing a trust</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=36b61c6d-d4b8-4e1e-bd78-db8204285408#BKMK_winui"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=36b61c6d-d4b8-4e1e-bd78-db8204285408#BKMK_cmd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_winui"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To remove a trust using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain that contains the trust that you want to remove, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, under either <maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui> or <maml:ui>Domains that trust this domain (incoming trusts)</maml:ui>, click the trust to be removed, and then click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following, and then click <maml:ui>OK</maml:ui>:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Click <maml:ui>No, remove the trust from the local domain only</maml:ui>.</maml:para>

<maml:para>If you select this option, we recommend that you repeat this procedure for the reciprocal domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>Yes, remove the trust from both the local domain and the other domain</maml:ui>.</maml:para>

<maml:para>If you select this option, you must type a user account and password with administrative credentials for the reciprocal domain.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>It is not possible to revoke the default two-way, transitive trusts between domains in a forest. It is possible to delete explicitly created shortcut trusts.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_cmd"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To remove a trust using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open a command prompt. To open a command prompt, click <maml:ui>Start</maml:ui>, click <maml:ui>Run</maml:ui>, type <maml:userInput>cmd</maml:userInput>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the following command, and then press ENTER: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /remove /UserD:&lt;User&gt; /PasswordD:*&lt;Password&gt;</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>netdom trust</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Manages or verifies trust relationships between domains.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustingDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the Domain Name System (DNS) name of the trusting domain in the trust that is being removed.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/d:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that the DNS domain name that follows is a trusted domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustedDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name of the domain that is trusted in the trust that is being removed.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/remove</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that a trust be removed.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;User&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the user account with administrative credentials for the reciprocal domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/UserD:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the user account that is used to make the connection with the trusted domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/PasswordD:*</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The password of the user account that is specified by <maml:computerOutputInline>/UserD</maml:computerOutputInline>.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;Password&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the password for the user account with administrative credentials for the reciprocal domain.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:</maml:para>

<dev:code>netdom trust | more </dev:code>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support. You can verify trusts for shortcut trusts, external trusts, and forest trusts but not realm trusts.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trust Properties - Name Suffix Routing Tab</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Name suffixes in the &lt;DNS name&gt; forest:</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Suffix</maml:ui>: A list of name suffixes in the local forest. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Routing</maml:ui>: Specifies the routing status of the corresponding name suffix. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Status</maml:ui>: Specifies the status (conflicts, whether the name suffix is newly created, and so on) of the corresponding name suffix. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Enable</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to set the routing status of the selected name suffix to Enabled. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Disable</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to set the routing status of the selected name suffix to Disabled. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Refresh</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to refresh the list of name suffixes in the local forest. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Edit</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to exclude name suffixes from routing to the local forest. </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Trusts Properties - General Tab</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:ui>This Doman:</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Displays the fully qualified domain name (FQDN) of the domain that is the current focus of the ActiveÂ Directory Domains and Trusts snap-in. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Other Domain:</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays the FQDN of the other domain in the selected trust relationship.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Trust type</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the type of the selected trust relationship.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>The other domain supports Kerberos AES Encryption</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether the other domain in the selected trust relationship supports Kerberos AES Encryption. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Advanced Encryption Standard (AES) is a new encryption algorithm that has been standardized by the National Institute of Standards and Technology (NIST) and is expected to be widely used in the next several years. For more information about Kerberos authentication, see Kerberos Explained (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=85494</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=85494"></maml:uri></maml:navigationLink>).</maml:para>
</maml:alertSet>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Direction of trust</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the direction of the selected trust relationship.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Transitivity of trust</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether the selected trust relationship is transitive.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Validate</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to confirm or reset the selected trust relationship.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Save As</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to save a file with the details about the status of the names that is associated with the selected trust relationship.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Verify a Trust</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to verify whether the newly added shortcut, external, and forest trusts were created successfully. </maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Verifying a trust</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=574bd0d8-1816-4d1e-bb78-61ffbd84ee34#BKMK_winui"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=574bd0d8-1816-4d1e-bb78-61ffbd84ee34#BKMK_cmd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_winui"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To verify a trust using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain that contains the trust that you want to verify, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, under either <maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui> or <maml:ui>Domains that trust this domain (incoming trusts)</maml:ui>, click the trust to be verified, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Validate</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Do one of the following, and then click <maml:ui>OK</maml:ui>:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Click <maml:ui>No, do not validate the incoming trust</maml:ui>.</maml:para>

<maml:para>If you select this option, we recommend that you repeat this procedure for the reciprocal domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Click <maml:ui>Yes, validate the incoming trust</maml:ui>.</maml:para>

<maml:para>If you select this option, you must type a user account and password with administrative credentials for the reciprocal domain.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You can verify trusts for shortcut trusts, external trusts, and forest trusts, but not realm trusts.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_cmd"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To verify a trust using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open a command prompt. To open a command prompt, click <maml:ui>Start</maml:ui>, click <maml:ui>Run</maml:ui>, type <maml:userInput>cmd</maml:userInput>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the following command, and then press ENTER: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /verify</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>netdom trust</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Managers or verifies the trust relationship between domains.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustingDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the Domain Name System (DNS) name of the trusting domain in the trust that is being verified.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/d:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that the DNS domain name that follows is the trusted domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustedDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name of the domain that is trusted in the trust that is being verified.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/verify</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Verifies that the trust is operating properly.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:</maml:para>

<dev:code>netdom trust | more </dev:code>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You can verify trusts for shortcut, external, and forest trusts but not realm trusts.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Trust Types</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Trust Types</maml:title><maml:introduction>
<maml:para>You can use the New Trust Wizard or the Netdom command-line tool to create four types of trusts: external trusts, realm trusts, forest trusts, and shortcut trusts. The following table describes these trust types.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Trust type</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Transitivity</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Direction</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>External</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Nontransitive</maml:para>
</maml:entry>
<maml:entry>
<maml:para>One-way or two-way</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Use external trusts to provide access to resources that are located on a WindowsÂ NTÂ 4.0 domain or a domain that is located in a separate forest that is not joined by a forest trust. For more information, see <maml:navigationLink><maml:linkText>Understanding When to Create an External Trust</maml:linkText><maml:uri href="mshelp://windows/?id=d50bbb29-2ae1-4d47-bdb3-dc47efc111cf"></maml:uri></maml:navigationLink>. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Realm</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Transitive or nontransitive</maml:para>
</maml:entry>
<maml:entry>
<maml:para>One-way or two-way</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Use realm trusts to form a trust relationship between a non-Windows Kerberos realm and a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 domain. For more information, see <maml:navigationLink><maml:linkText>Understanding When to Create a Realm Trust</maml:linkText><maml:uri href="mshelp://windows/?id=9e88fe6b-2c8c-4c1a-bc78-21e807eecbba"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Forest</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Transitive </maml:para>
</maml:entry>
<maml:entry>
<maml:para>One-way or two-way</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Use forest trusts to share resources between forests. If a forest trust is a two-way trust, authentication requests that are made in either forest can reach the other forest. For more information, see <maml:navigationLink><maml:linkText>Understanding When to Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=79feb454-7529-4742-9f39-5d6c0696e6c1"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Shortcut</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Transitive </maml:para>
</maml:entry>
<maml:entry>
<maml:para>One-way or two-way</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Use shortcut trusts to improve user logon times between two domains within a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 forest. This is useful when two domains are separated by two domain trees. For more information, see <maml:navigationLink><maml:linkText>Understanding When to Create a Shortcut Trust</maml:linkText><maml:uri href="mshelp://windows/?id=6d35ab81-0b60-4425-8c95-46f676d1ea69"></maml:uri></maml:navigationLink>.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>When you create external trusts, shortcut trusts, realm trusts, or forest trusts, you have the option to create each side of the trust separately or both sides of a trust simultaneously. </maml:para>

<maml:para>If you choose to create each side of the trust separately, you must run the New Trust Wizard twiceâ€”once for each domain. When you create trusts using the method, you must supply the same trust password for each domain. As a security best practice, all trust passwords should be strong passwords. For more information, see Strong passwords (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92697</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92697"></maml:uri></maml:navigationLink>).</maml:para>

<maml:para>If you choose to create both sides of the trust simultaneously, you run the New Trust Wizard once. When you choose this option, a strong trust password is automatically generated for you. You must have the appropriate administrative credentials for the domains between which you are creating the trust.</maml:para>

<maml:para>For more information about trusts, see <maml:navigationLink><maml:linkText>Understanding Trust Transitivity</maml:linkText><maml:uri href="mshelp://windows/?id=80ae74bb-ccdd-4448-91f3-0038de553d9d"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Understanding Trust Direction</maml:linkText><maml:uri href="mshelp://windows/?id=a43bb3e4-77b3-4b2e-adbd-d154b346781a"></maml:uri></maml:navigationLink>. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual>GIF89a’æ&&YYB™™rffL??/33&¿¿²²…_ÌÌ™¥¥|ŒŒiLL9	rrV™ffŸoo¥yy¬‚‚²ŒŒO??¹––¿ŸŸÆ©©Ì³³Ò¼¼ÙÆÆßÏÏæÙÙìããóììùööÿÿÿõõõðððïïïëëëâââàààßßßÐÐÐÏÏÏÆÆÆÅÅÅÂÂÂÀÀÀ¿¿¿°°°¯¯¯   ŸŸŸ•••‚‚‚€€€yyyuuupppooohhhfffccc```___PPPOOOFFFBBB@@@???000///&&&   ,’ÿ€DRƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜…MR!žŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²Ÿƒ³¶·¸¹º»¼½¹µ¾ÁÂÃÄÅÆ¸ÀÇÊËÌÍÎ²ÉÏÒÓÔÕÄÑÖÙÚÛÜ¦ØÝàáâÎßãæçè¿œéìíî¬åïòóíñô÷øÝöùüýÏûþ
p Áƒ·
"\Èp•Â†#†z(±"DŠ3Ä¨±£?ŽCÞ)²¤;’&SžC©²%8–.ÑfÀPpìðaU
)LFð³	Ð¬u¥òxå«2ˆËáBÏS8Ð™h,¤H}í;!åƒ ª B€ 5Õµÿ<˜âQ )Nñy…v]2£Ñþ†0:±SXPG$8ÐÀÅ©Ö®mîd
F¥(› A€#]+ë;Ø°éÒ¨=ùE-zµ(
t¤T
’/gØÍ»·ïßÀƒÞwîµ˜CÐ9ÆzE#íººj`œ\_/$Š	‚æ	È"òñóèÓ«_Ï¾=z	@|‚-»¹&Ñÿ©>m5ÿ´
€—ÀP%ÊœGqF(¡pÆ]¶A(#xg`p5Ï^¯pwÝ~†]‰§¥ØÉ	P°a<ØfÞdSI×(8Ôµ¡MÑ¢<A0°ábx™ò°5UÿÈ7
‹.ÉÀ>J‘
0¤g ‚†sU)C¹åsŽÉó£;I0wf41„e}[Þ÷¡•
ÉðÀ–Í!€CmòÙ\‡jâ¹ÐQ, hg„"TÃž‹&À£‚õŠ:.Êc^eig u’¥ÀÙ§gD×§1–&;kžc‚Š±êj§PLc¥™à%@Ä”N¬â˜ÐÃ
"¬"Â
=˜ ìJ¤öc,²,Ûì³ãÛÍ´Éºb³Ø¾->ÜÆòm5"~uÊ¸áh«M¹²œ;
XÂ¸kŒ½ÕÀ;‹µÝêGâ_µF/a…U‰¾¶ˆpl¿ÍP÷Šþi'à‰ ÿµº ¼ŒÃjGXv*’Hñ@Ö–Ð‹ÆÓýûp«I,r¡$3îÉ7L°‰*§ö1Ä&²«ÏèÈÊá2ƒ/3BCtÑÓ=NÒÃ,Íô5N‡51ROÌÑÆ\]LÖZóÂ51^vØêÐC‚
ecl9 MµC7‡˜”BBH±ÃµÔ´0ˆ
&Àé?>Ó+VÈ¡¼Ð@MÌ<
€„ILü)
F¤álXÀ}
üË¡(1Às/T£¸<`ƒH6J¸C²rË³×
Š
 D5M8Ð™QàQV“^^xì+§¸³Ë†‡BBQ†7Ã4¸ƒG€š@¨ÆÃž|ÇÉ3ÿòÿ'BÞÁ›‚“¯Œ)ÊóÑ/Ö@é‘¥¥ü¯]øÍ‚•¸|íñPÜýšS€¸ˆ@f`Q÷}¢™jŽî4’ðÐæuíÝ†î‚‚P 0IXà+lä@œÊ@0à( BsH L¥˜“PrTMÕ“ö<¡–ÜˆÐÇIN'ˆ`¦E¡ƒ¡èaÇ±––‚	¾3PñôÇøm‰1¥ë¡{¶˜ÌœŽO ( “›%Š#7hR(ô´%ÙŒå”ä>0.Ú1=¨€›ÞD¿ÛœÇŒá8“Ø‡E
éRHÑ!@A¥nzd<Î[qž	l`”šP<Ràÿ“ ¥(GIÊRšò”¦LO8Ð‰É±K£¹a34¸(4Ax!8C‹Ü\ 3Ï3ä¢RÝñ˜ÈL¦/¯B8R<“å2r©~Æœ$+ À¤1å ‚‚â`'"	—˜óœèL§:×ÉÎvº³hT£'Ê)Qªc›…?<$~‚dÅØ:“U˜‘¤$t †ža5=„OivÍæcU°Ã`ä€¸ôÄ— :Ž_Ž"PŸºËàbQ²Ý`	“h‚ÜdÁF~¦iâhÛL{!JÜ³^-
†NéFC¥k§ºÈgµd†Œñ%Õ©Ù8ªÝîÔ¯TuCÿ…‡€–ÎíÇv™ãFóÄÕ{]5YÕêW¿wÚ¥FEg}ê¿ÀÂ9ZxÎ¨ÌFZÕjÙéìDâ++58æW•q±ÔÆ^ùê×ÆBl¬Û ì÷zÖWÄÆÕJE
ø¶‹£öÏc€àeå
¾ÒZt£mEfM1ƒ©Dõêdÿ÷ÖžÖ®Öh-`‹ÛŠB·¼ímjYÜà>Ë·Ÿ(®q……ÜN(w¹1¹m
ù\èúãGX©j‡K
HáÕMÉ¤@¿A
T²ê2˜0€a·ÂRÂv,ÝŠ/Ü€€'<“ÒI ì„ßc@‰QMI0”><jP	¦Ûÿ1èù»¹‚ìF<UáŸª"Ÿ•¨RbÂ"ÒŸÑ^s¸‡Ùü~ŠB¤"S9%Ô"›`« ³ÝbìwC€¥Hb='YÎ.ØãaxCh2I¾³![J„>[¢a“…Aá!8$9(Ð–ˆÙQyHSü°‹C<$-{ÐãS?âJA±XÍÃ€± Òœ!qKeÈ“ùtßTàëÇ‹r£F)(,.¤Ë¯”°/Ýè"e„–‹šàAØÌ§ÔÇÐÜ…ô¢nj³êÓ3J?eOPû‚ÓŽäqDÌ*ô…ÔÞDœÖÅ]Jä¯!1 ’ÑÖ\ëØÆn²-ÿ"UÌzƒ$ i¶jyíb •ª™…,imÁ&ÄÛÙ74È±Uºv·}Ý·¹]îíhns_ýÜPÚ½¹s(Ý!÷ZM
·JÚìÞwaÿX½ ß[}¬írðÂÒOëž¶ÀgÚÚVŸ
§¸¿ûo„;¶àg,[GŽZq·+gŽØìl(0”»»4¨øv[®ñÊÖ¶ÞU¢yi)sÑ^V?_vØ-t—½è*9:ÒM¢ô¥‹¤éN÷Ô£®‘©SÙA¿zt³®õ–X½ëá:Ø™.ö±?½ìf—:ÚÓ^õµ³ëo¿ú×ã.¹Óý#n¿{Cì®÷Ðôé|ÿ»Á¿ìÀþ†?<¯o])ä-¼ä'OùÊ[þò’B ;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding When to Create a Shortcut Trust</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>When to create a shortcut trust</maml:title><maml:introduction>
<maml:para>Shortcut trusts are one-way or two-way, transitive trusts that administrators can use to optimize the authentication process. </maml:para>

<maml:para>Authentication requests must first travel a trust path between domain trees. In a complex forest this can take time, which you can reduce with shortcut trusts. A trust path is the series of domain trust relationships that authentication requests must traverse between any two domains. Shortcut trusts effectively shorten the path that authentication requests travel between domains that are located in two separate domain trees. For more information about trust paths, see <maml:navigationLink><maml:linkText>Understanding Trust Direction</maml:linkText><maml:uri href="mshelp://windows/?id=a43bb3e4-77b3-4b2e-adbd-d154b346781a"></maml:uri></maml:navigationLink>. </maml:para>

<maml:para>Shortcut trusts are necessary when many users in a domain regularly log on to other domains in a forest. Using the following illustration as an example, you can form a shortcut trust between domainÂ B and domainÂ D, between domainÂ A and domainÂ 1, and so on.</maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=46681e5b-fb4c-45bf-a19b-990ded5bc71b" mimeType="image/gif"><maml:summary>Shortcut trusts in a forest</maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:para>For more information about how to create a shortcut trust, see <maml:navigationLink><maml:linkText>Create a Shortcut Trust</maml:linkText><maml:uri href="mshelp://windows/?id=2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b"></maml:uri></maml:navigationLink>. </maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Using one-way trusts</maml:title><maml:introduction>
<maml:para>A one-way, shortcut trust that is established between two domains in separate domain trees can reduce the time that is necessary to fulfill authentication requestsâ€”but in only one direction. For example, when a one-way, shortcut trust is established between domainÂ A and domainÂ B, authentication requests that are made in domainÂ A to domainÂ B can use the new one-way trust path. However, authentication requests that are made in domainÂ B to domainÂ A must still travel the longer trust path.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Using two-way trusts</maml:title><maml:introduction>
<maml:para>A two-way, shortcut trust that is established between two domains in separate domain trees reduces the time that is necessary to fulfill authentication requests that originate in either domain. For example, when a two-way trust is established between domainÂ A and domainÂ B, authentication requests that are made from either domain to the other domain can use the new, two-way trust path.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Domain and Forest Functionality</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Domain and forest functionality</maml:title><maml:introduction>
<maml:para>Domain and forest functionality, which is available in WindowsÂ ServerÂ®Â 2008Â R2 ActiveÂ Directory Domain Services (ADÂ DS), provides a way to enable domain-wide features or forest-wide ActiveÂ Directory features in your network environment. Different levels of domain functionality and forest functionality are available, depending on your network environment.</maml:para>

<maml:para>If all the domain controllers in your domain or forest are running Windows ServerÂ 2008Â R2 and the domain and forest functional level is set to Windows ServerÂ 2008Â R2, all domain-wide features and forest-wide features are available. When your domain or forest contains WindowsÂ®Â 2000, WindowsÂ ServerÂ 2003, or Windows ServerÂ 2008 domain controllers, ActiveÂ Directory features are limited. For more information about how to enable domain-wide features or forest-wide features, see <maml:navigationLink><maml:linkText>Raise the Domain Functional Level</maml:linkText><maml:uri href="mshelp://windows/?id=0b564360-4440-4dfb-bcda-a3f20406de88"></maml:uri></maml:navigationLink> and <maml:navigationLink><maml:linkText>Raise the Forest Functional Level</maml:linkText><maml:uri href="mshelp://windows/?id=991d570b-7d58-42bb-ad11-12045ebe1ec5"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Domain functionality</maml:title><maml:introduction>
<maml:para>Domain functionality enables features that affect the entire domain and that domain only. In Windows ServerÂ 2008Â R2 ADÂ DS, four domain functional levels are available: WindowsÂ 2000Â native, WindowsÂ ServerÂ 2003 (the default), Windows ServerÂ 2008, and Windows ServerÂ 2008Â R2. </maml:para>

<maml:para>The following table lists the domain functional levels and their corresponding supported domain controllers:</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Domain functional level</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Domain controllers supported</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Windows 2000 native</maml:para>
</maml:entry>
<maml:entry><maml:para>Windows 2000Â Server</maml:para>
<maml:para>WindowsÂ ServerÂ 2003</maml:para>

<maml:para>Windows ServerÂ 2008</maml:para>

<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>
<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2003</maml:para>
</maml:entry>
<maml:entry>
<maml:para>WindowsÂ ServerÂ 2003</maml:para>

<maml:para>Windows ServerÂ 2008</maml:para>

<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Windows ServerÂ 2008</maml:para>

<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>When you raise the domain functional level, domain controllers running earlier operating systems cannot be introduced into the domain. For example, if you raise the domain functional level to Windows ServerÂ 2008Â R2, you cannot add domain controllers running Windows ServerÂ 2008 to the domain.</maml:para>

<maml:para>The following table describes the domain-wide features that are enabled for the Windows ServerÂ 2008Â R2 ADÂ DS domain functional levels.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Domain functional level</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enabled features</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>


<maml:row>
<maml:entry>
<maml:para>WindowsÂ 2000 native</maml:para>
</maml:entry>
<maml:entry>
<maml:para>All default ActiveÂ Directory features and the following features:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Universal groups are enabled for both distribution groups and security groups.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Group nesting.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Group conversion is enabled, which makes conversion possible between security groups and distribution groups.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Security identifier (SID) history.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2003</maml:para>
</maml:entry>
<maml:entry>
<maml:para>All default ActiveÂ Directory features, all features from the WindowsÂ 2000 native domain functional level, plus the following features:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The availability of the domain management tool, Netdom.exe, to prepare for domain controller rename.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Update of the logon time stamp. The <maml:phrase>lastLogonTimestamp</maml:phrase> attribute is updated with the last logon time of the user or computer. This attribute is replicated within the domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The ability to set the <maml:phrase>userPassword</maml:phrase> attribute as the effective password on the inetOrgPerson object and user objects.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The ability to redirect Users and Computers containers. By default, two well-known containers are provided for housing computer and user/group accounts: cn=Computers,&lt;domain root&gt; and cn=Users,&lt;domain root&gt;. This feature makes it possible to define a new well-known location for these accounts.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Authorization Manager can store its authorization policies in ADÂ DS.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Constrained delegation is included, which makes it possible for applications to take advantage of the secure delegation of user credentials by means of the Kerberos authentication protocol. You can configure delegation to be allowed only to specific destination services.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Selective authentication is supported, which makes it possible to specify the users and groups from a trusted forest who are allowed to authenticate to resource servers in a trusting forest. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008</maml:para>
</maml:entry>
<maml:entry>
<maml:para>All default ActiveÂ Directory features, all features from the WindowsÂ ServerÂ 2003 domain functional level, plus the following features:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Distributed File System Replication support for SYSVOL, which provides more robust and detailed replication of SYSVOL contents.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Advanced Encryption Services (AESÂ 128 and 256) support for the Kerberos authentication protocol. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Last Interactive Logon Information, which displays the time of the last successful interactive logon for a user, from what workstation, and the number of failed logon attempts since the last logon.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Fine-grained password policies, which make it possible for password policies and account lockout policies to be specified for users and global security groups in a domain.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry>
<maml:entry>
<maml:para>All default ActiveÂ Directory features, all features from the Windows ServerÂ 2008 domain functional level, plus the following features:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Authentication mechanism assurance, which packages information about the type of logon method (smart card or user name/password) that is used to authenticate domain users inside each userâ€™s Kerberos token. When this feature is enabled in a network environment that has deployed a federated identity management infrastructure, such as ActiveÂ Directory Federation Services (ADÂ FS), the information in the token can then be extracted whenever a user attempts to access any claims-aware application that has been developed to determine authorization based on a userâ€™s logon method.</maml:para></maml:listItem>

</maml:list>
</maml:entry></maml:row>
</maml:table>
</maml:introduction></maml:section><maml:section>
<maml:title>Forest functionality</maml:title><maml:introduction>
<maml:para>Forest functionality enables features across all the domains in your forest. Four forest functional levels are available in Windows ServerÂ 2008Â R2 operating system: WindowsÂ 2000, WindowsÂ ServerÂ 2003 (default), Windows ServerÂ 2008, and Windows ServerÂ 2008Â R2. </maml:para>

<maml:para>The following table lists the forest functional levels available in Windows ServerÂ 2008Â R2 operating system and their corresponding supported domain controllers.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Forest functional level</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Domain controllers supported</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>WindowsÂ 2000</maml:para>
</maml:entry>
<maml:entry>
<maml:para>WindowsÂ NTÂ®Â 4.0</maml:para>

<maml:para>WindowsÂ 2000</maml:para>

<maml:para>WindowsÂ ServerÂ 2003</maml:para>

<maml:para>Windows ServerÂ 2008</maml:para>

<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2003 (default)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>WindowsÂ ServerÂ 2003</maml:para>

<maml:para>Windows ServerÂ 2008</maml:para>

<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008</maml:para>

</maml:entry>
<maml:entry>
<maml:para>Windows ServerÂ 2008</maml:para><maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008Â R2</maml:para>

</maml:entry>
<maml:entry>
<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>When you raise the forest functional level, domain controllers running earlier operating systems cannot be introduced into the forest. For example, if you raise the forest functional level to Windows ServerÂ 2008Â R2, domain controllers running Windows ServerÂ 2008 cannot be added to the forest.</maml:para>

<maml:para>The following table describes the forest-wide features that are enabled for the WindowsÂ ServerÂ 2003, Windows ServerÂ 2008, and Windows ServerÂ 2008Â R2 forest functional levels.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Forest functional level</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enabled features</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2003</maml:para>
</maml:entry>
<maml:entry>
<maml:para>All default ActiveÂ Directory features, plus the following features:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Forest trust</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Domain rename</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Linked-value replication (Changes in group membership store and replicate values for individual members instead of replicating the entire membership as a single unit.) This results in lower network bandwidth and processor usage during replication and eliminates the possibility of lost updates when different members are added or removed concurrently at different domain controllers.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The ability to deploy a read-only domain controller (RODC) that runs Windows ServerÂ 2008.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Improved Knowledge Consistency Checker (KCC) algorithms and scalability. The intersite topology generator (ISTG) uses improved algorithms that scale to support forests with a greater number of sites than can be supported at the WindowsÂ 2000 forest functional level. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The ability to create instances of the dynamic auxiliary class called <maml:phrase>dynamicObject</maml:phrase> in a domain directory partition.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The ability to convert an inetOrgPerson object instance into a User object instance, and the reverse.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The ability to create instances of the new group types, called application basic groups and Lightweight Directory Access Protocol (LDAP) query groups, to support role-based authorization.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Deactivation and redefinition of attributes and classes in the schema. </maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008</maml:para>
</maml:entry>
<maml:entry>
<maml:para>This functional level provides all of the features that are available at the WindowsÂ ServerÂ 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest, however, will operate at the Windows ServerÂ 2008 domain functional level by default.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Windows ServerÂ 2008Â R2</maml:para>
</maml:entry>
<maml:entry><maml:para>All of the features that are available at the WindowsÂ ServerÂ 2003 forest functional level, plus the following features:</maml:para>
<maml:list class="unordered">
<maml:listItem><maml:para>Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while ADÂ DS is running.</maml:para></maml:listItem>

</maml:list>
<maml:para>All domains that are subsequently added to the forest will operate at the Windows ServerÂ 2008Â R2 domain functional level by default.</maml:para>
<maml:para>If you plan to include only domain controllers that run Windows ServerÂ 2008Â R2 in the entire forest, you might choose this forest functional level for administrative convenience. If you do, you will never have to raise the domain functional level for each domain that you create in the forest.</maml:para>
</maml:entry>
</maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Domains and Forests</maml:linkText><maml:uri href="mshelp://windows/?id=ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Trusts</maml:title><maml:introduction>
<maml:para>You can use Active Directory Domains and Trusts to manage domain trusts.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=9ef8c5ac-341e-4473-963b-32b67ff58c29"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Trust Types</maml:linkText><maml:uri href="mshelp://windows/?id=6472046a-30dd-4dc9-92e0-450cebdafc90"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Trust Direction</maml:linkText><maml:uri href="mshelp://windows/?id=a43bb3e4-77b3-4b2e-adbd-d154b346781a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Trust Transitivity</maml:linkText><maml:uri href="mshelp://windows/?id=80ae74bb-ccdd-4448-91f3-0038de553d9d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding When to Create an External Trust</maml:linkText><maml:uri href="mshelp://windows/?id=d50bbb29-2ae1-4d47-bdb3-dc47efc111cf"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding When to Create a Shortcut Trust</maml:linkText><maml:uri href="mshelp://windows/?id=6d35ab81-0b60-4425-8c95-46f676d1ea69"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding When to Create a Realm Trust</maml:linkText><maml:uri href="mshelp://windows/?id=9e88fe6b-2c8c-4c1a-bc78-21e807eecbba"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a Shortcut Trust</maml:linkText><maml:uri href="mshelp://windows/?id=2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create an External Trust</maml:linkText><maml:uri href="mshelp://windows/?id=72bf4a7d-660e-489f-b475-bea95e8d126c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a Realm Trust</maml:linkText><maml:uri href="mshelp://windows/?id=845f4f62-9231-44f6-ac76-572da9d09321"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Verify a Trust</maml:linkText><maml:uri href="mshelp://windows/?id=574bd0d8-1816-4d1e-bb78-61ffbd84ee34"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Remove a Trust</maml:linkText><maml:uri href="mshelp://windows/?id=36b61c6d-d4b8-4e1e-bd78-db8204285408"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Select the Scope of Authentication for Users</maml:linkText><maml:uri href="mshelp://windows/?id=7a01372b-6eb1-4175-b9ff-8c330a616021"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create an External Trust</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to create external trusts.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase>, or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Creating an external trust</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=72bf4a7d-660e-489f-b475-bea95e8d126c#BKMK_winui"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=72bf4a7d-660e-489f-b475-bea95e8d126c#BKMK_cmd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_winui"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create an external trust using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain node for the domain that you want to establish a trust with, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, click the <maml:ui>New Trust</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Name</maml:ui> page, type the Domain Name System (DNS) name (or NetBIOS name) of the domain, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Type</maml:ui> page, click <maml:ui>External trust</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Direction of trust</maml:ui> page, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To create a two-way, external trust, click <maml:ui>Two-way</maml:ui>.</maml:para>

<maml:para>Users in this domain and users in the specified domain will be able to access resources in either domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way, incoming external trust, click <maml:ui>One-way:incoming</maml:ui>.</maml:para>

<maml:para>Users in the specified domain will not be able to access any resources in this domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way, outgoing external trust, click <maml:ui>One-way:outgoing</maml:ui>.</maml:para>

<maml:para>Users in this domain will not be able to access any resources in the specified domain.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Continue to follow the instructions in the wizard.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you have the appropriate administrative credentials for each domain, you can create both sides of an external trust at the same time by clicking <maml:ui>Both this domain and the specified domain</maml:ui> on the <maml:ui>Sides of Trust</maml:ui> page. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you want to allow users from the specified domain to obtain access to all the resources in this domain, click <maml:ui>Allow authentication for all resources</maml:ui> on the <maml:ui>Outgoing Trust Properties</maml:ui> page. Use this option when both domains belong to the same organization.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you want to restrict users in the specified domain from obtaining access to any of the resources in this domain, click <maml:ui>Allow authentication only for selected resources in the local domain</maml:ui> on the <maml:ui>Outgoing Trust Properties</maml:ui> page. Use this option when each domain belongs to a separate organization.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_cmd"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create an external trust using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open a command prompt. To open a command prompt, click <maml:ui>Start</maml:ui>, click <maml:ui>Run</maml:ui>, type <maml:userInput>cmd</maml:userInput>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the following command, and then press ENTER: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /add</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>netdom trust</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Manages or verifies the trust relationship between domains.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustingDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name (or NetBIOS name) of the trusting domain in the trust that is being created.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/d:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that the DNS domain name that follows is a trusted domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustedDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name (or NetBIOS name) of the domain that will be trusted in the trust that is being created.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that a trust be created.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:</maml:para>

<dev:code>netdom trust | more </dev:code>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support. You can verify trusts for shortcut, external, and forest trusts but not realm trusts.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You can use other parameters to assign a password or determine the direction of the trust. For example, to make a two-way, transitive trust, use the following syntax: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /add /twoway </dev:code>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Resources for Active Directory Domains and Trusts</maml:title><maml:introduction>
<maml:para>For more information about objects that you manage with ActiveÂ Directory Domains and Trusts, see the following resources on the Microsoft Web site:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>For information about read-only domain controllers, see Read-Only Domain Controllers Step-by-Step Guide (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92728</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92728"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about the Kerberos protocol, see Kerberos Explained (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=85494</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=85494"></maml:uri></maml:navigationLink>). </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about strong passwords, see Strong passwords: How to create and use them (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=58293</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=58293"></maml:uri></maml:navigationLink>). </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about zone properties, see Configuring Zone Properties (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92779</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92779"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about updating root hints on the DNS server, see Update Root Hints on the DNS Server (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92717</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92717"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about DNS server forwarders, see Configure DNS server forwarders (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92718</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92718"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For more information about adding a secondary server to an existing zone, see Add a secondary server for an existing zone (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92719</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92719"></maml:uri></maml:navigationLink>). </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding When to Create a Forest Trust</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>When to create a forest trust</maml:title><maml:introduction>
<maml:para>You can create a forest trust only between a forest root domain in one Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forest and a forest root domain in another Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forest. Creating a forest trust between two Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forests provides a one-way or two-way, transitive trust relationship between every domain that resides within each forest. Forest trusts are useful for application service providers, organizations undergoing mergers or acquisitions, collaborative business extranets, and organizations seeking a solution for administrative autonomy.</maml:para>

<maml:para>For more information about creating forest trusts, see <maml:navigationLink><maml:linkText>Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=828a249f-9fd5-405f-9cd7-0657de4065a4"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Using one-way, forest trusts</maml:title><maml:introduction>
<maml:para>A one-way, forest trust between two forests allows members of the trusted forest to use resources that are located in the trusting forest. However, the trust operates in only one direction. For example, when a one-way, forest trust is created between forestÂ A (the trusted forest) and forestÂ B (the trusting forest), members of forestÂ A can access resources that are located in forestÂ B, but members of forestÂ B cannot access resources that are located in forestÂ A, using the same trust. </maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Using two-way, forest trusts</maml:title><maml:introduction>
<maml:para>A two-way, forest trust between two forests allows members from either forest to use resources that are located in the other forest, and domains in each respective forest trust domains in the other forest implicitly. For example, when a two-way, forest trust is established between forestÂ A and forestÂ B, members of forestÂ A can access resources that are located in forestÂ B, and members of forestÂ B can access resources in forestÂ A, using the same trust. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Select the Scope of Authentication for Users</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to specify the scope of authentication for users that are authenticating through external trusts or forest trusts.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To select the scope of authentication using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain node for the domain that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, under either <maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui> or <maml:ui>Domains that trust this domain (incoming trusts)</maml:ui>, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To select the scope of authentication for users that are authenticating through an external trust, click the external trust that you want to administer, and then click <maml:ui>Properties</maml:ui>. On the <maml:ui>Authentication</maml:ui> tab, click either <maml:ui>Domain-wide authentication</maml:ui> or <maml:ui>Selective authentication</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To select the scope of authentication for users that are authenticating through a forest trust, click the forest trust that you want to administer, and then click <maml:ui>Properties</maml:ui>. On the <maml:ui>Authentication</maml:ui> tab, click either <maml:ui>Forest-wide authentication</maml:ui> or <maml:ui>Selective authentication</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in Active Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For an external trust, if you select <maml:ui>Selective authentication</maml:ui>, you must enable permissions manually on the local domain and on the resource to which you want users in the external domain to have access.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For a forest trust, if you select <maml:ui>Selective authentication</maml:ui>, you must enable permissions manually on each domain and resource in the local forest to which you want users in the second forest to have access.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You can use selective authentication only on external trusts and forest trusts.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Exclude Name Suffixes from Routing to a Local Forest</maml:title><maml:introduction>
<maml:para>You can use the Active Directory Domains and Trusts snap-in to exclude name suffixes from routing to a local forest.</maml:para>

<maml:para>Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forests that are joined by forest trusts. To simplify the administration of authentication requests, when you create a forest trust all unique name suffixes are routed by default. A unique name suffix is a name suffix within a forest, such as a user principal name (UPN) suffix, service principal name (SPN) suffix, or Domain Name System (DNS) forest or domain tree name that is not subordinate to any other name suffix.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To exclude name suffixes from routing to a local forest</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain node for the domain that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, under either <maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui> or <maml:ui>Domains that trust this domain (incoming trusts)</maml:ui>, click the forest trust that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Name Suffix Routing</maml:ui> tab. Under <maml:ui>Name suffixes in the x.x. forest</maml:ui>, click the unique name suffix for which you want to exclude the routing status, and then click <maml:ui>Edit</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Name suffixes to exclude from routing to x.x</maml:ui>, click <maml:ui>Add</maml:ui>, type a DNS name suffix that is subordinate to the unique name suffix, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group  or Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>When you exclude a name suffix, all children of that DNS name will also be excluded.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To view a log of name suffixes, DNS names, NetBIOS names, and the status that is associated with this trust, click <maml:ui>Save As</maml:ui>. This log can assist you in troubleshooting authentication problems.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual>GIF89a’æ&&YYB™™rffL??/33&¿¿²²…_ÌÌ™¥¥|ŒŒiLL9	rrV™ffŸoo¥yy¬‚‚²ŒŒ¿ŸŸÆ©©Ì³³Ò¼¼ÙÆÆæÙÙóììùööÿÿÿöööðððïïïìììãããàààßßßÙÙÙÐÐÐÏÏÏÆÆÆÀÀÀ¿¿¿¼¼¼³³³°°°¯¯¯©©©   ŸŸŸ–––ŒŒŒ‚‚‚€€€yyypppooofff```___PPPOOO@@@???000///   ,’ÿ€@Iƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜…FIžŸ ¡¢£¤¥¦§¨©ª«¬®¯°±²Ÿƒ³¶·¸¹º»¼½¹µ¾ÁÂÃÄÅÆ¸ÀÇÊËÌÍÎ²ÉÏÒÓÔÕÄÑÖÙÚÛÜ¦ØÝàáâÎßãæçè¿œéìíî¬åïòóíñô÷øÝöùüýÏûþ
p Áƒ·
"\Èp•Â†#†zØpÄ‰¥,ú£È°HƒXyÜ¸ŽY¡Y%IœñàÁŒV.ŒƒPAC*–.ûqÔU2e¯}Žpäƒª P˜	A©ÍRA‡å·óNÉuˆ–uk¹u>?é( A§8`HÚt©¸¦pÿ%d 5¶ìYªa¥ä«ß úö
ü7”‰$ÊHb‚‡à6 ¡²åË˜3kÞÌ¹3fÉq1pu8q‚ÅñUEvu°kOZ†mHTeË2êèßÀƒN¼¸ðš nçN°;ßê„°ÿ¾L]páëa[40°Ü@ƒ£4Pø‚ùóèÓ«_Ï¾½ûô #X	J;÷ÜÞÁß{në$íèÕÑfu^×I,W‘²A‘µÅr&
‚
&À jyEt–À
¦¨•”[á8UÊ‡!&0â~6U‹DuJ2‰C)3†X#=üáÓ-–E@
YdÿGãB¥-‰CQ9¥<AÒ£Ü’Ìñ¶Ð–K6‡å“ÁðÀ}Kð™‰f‘j²ùN–ï|€!—a£@v&ˆ§†zÎIæ@7õ§]$jè¡$ZÏ 
1ÉI*	¥îÐÙŽ'¸‚B	‘"Â
JÄ ¶R/xª(<ÔB:šž#‚
<ð ‚+"äšCª¯z²;zNãœš+°,Ëª«ÁvPÃ²²šƒ,8·:›,9hl3þÅ2¨O18[ì8×r£¬³5À2³Ï’SàO>Kí¬à¤«Mï:û,/À+¾&]å•€ÿçWlr‚À¿†£ï6't»,ÿ°Ø›C§ÿ´&ÝÇóe «.»ÆâL¬M	1œë·¬”Ì/À¼Ì^æÜ0"hð'ËÊ ´C:Ý–À¯®°ô*ëª9]0ÈÓU3a ìð«;´›²ÑòÈÀª'ÃRvÀ2üÃpÂ:#,ÛÈkwPöª(ç¶;Ûà®eGÛÁ©6g£ò39 ÐAÃîÚK¯;„àiG[Ã®¢°6ƒ7‚¯¸ëË
<ä0ìåÁrmƒÅW“932x.(Àëw	¸.û:9w›Óz®5Ü‹å[B¿¶cžû8»ó`Cê¸”0¬ì¯†P»³¾›t¼8öÎŒbSmöu«~}ÿ8ëîPý- óï²5H-ŒŸ¿ï†OÍêË”«?1ÜãáüÖ‰SÅÀ}ýˆâ˜ÏPÜõÂ‹'Åm8À5\zâŽÚßçµ‹ÙŒâƒ Á46AŽ`©¡+pÆ6p¥'^	‹	E!„@ÒÀ€0“[3«ù,@;¤`(bp&ï¨À @‚˜ÔÁh¥`;jzÉáá±¶(6=ó	E‘Å”ÅFp†ˆ”+F«(Ë¦±š5:ÑjQ$¡°•€´p(4Mà,–,§I|œàÚºr54^
+ìD"—CD#*£ÿ‡
€1Ò#Å4 ‘œ(T€(ÃÛQU(‘º(h˜R›<¨ø&Å$–Å0‚ŸôC‰¼P‘Ëy‘.ÝÑÆ1 ‹Ä ÁZäDä Ñ.‚»wì€
²ã0²¸Å!Àž\È{¹ü`™ìØd‘@b|“KåB†€8²›íXå’A_1\RÀ/b&<9 AÖk/ñ´€"CøS17âI™7‘àQ<åÓ*ˆ%žÔTPêP
å¦2ø§‹{Ât¡¼0BUÑtúã…
8Tà¥™Š”Yœ„+w¡JXÓ¥”Ø“^ŽêÁª¢ƒ¦èÿà<D04®àÂÀª,–f¿q«o¯Z•
HªcÏcÞ;,ÖÕ`m.W`å…X]±´e‰+“dT	`¥e2´N•NdÊ¤³ÖÚVpÀu±â¤UFÖ	—M~×,kF6=¼†Õ¼è+»" ¬Ôâ†Ñ¹ 
A‘½³Î4d;ãË^p8Ø'^Œ¥W7Xð¼öU°ŒN,í%}–—äÅ³a.Õ°–ÆQä%{'Æ^Y‘e9‰Ê5cf Õ~¢WËÚØÔ¸kÆØ’7/JïØªWÐöâ'«iË»\(vW³ÈU±jÐR½—¾mÛ¡m=Q²Àõ_Òuï. æ*ÞÊÕ!“ôcÿa,ÅÚæà¸ˆaÛŠÚún÷mO¬
(‡1¤¡*ÁÜ01°,ÔÉ€rÑ#pè›Ï‚`Cðýºæ	Ðx!9ö‹+hcYÔ w†ÈªVð8ó½JÅÃó2Š‹Þž8"{Þu#Òº¥NÙðŠÁ<ßb$årO¨Ü,éØ ôX^bY5«£Xü‚+
#øØgÈfWìnË‘Þh_¥Þ—Ý™2Ë{bY)‡*ÎŽþ2¤sU×P`X–U¯\ãjÀÑá——£uêGOã“Öœ%Â)W7cA©UðTþ@?()´*~$Yµ1HB	ÿƒ$@ÂFÅðÏª¶Ñ~ëhN‚ý<vÉª8 K'£õÒ=þÕ,ªãš<xÐ šEŸ*¢¸ÍŒ%7’ê«0š…S"HìwtMèf`“•!UJßôÌP³ï<÷2ÎÉmFK§álÀ%âíîTûÓ=ÐNÄc‡Jš!#âÈ)±àÊHw†®$r†ˆ¥)ewÖ
òh‹ÂÞåLyQ#bÓ"¶4ú³ááóPÜŸÀnÈA‘™!Q2ä˜K)ÓAñ"m("ü^Ò¸p±O…‰MÿDÇ¹¤u„À’j%BìcR´ Ý2ç’¹"Ì?-æß¹—CpÿT`èB…$B„(ÔºD‡"êÝ‰qƒ¨"Äæ‡§?tÎ%ï ÂÇf†”: LÂîªyèWÿYÖ»žCÐFì)j»
)Î°".†í±‹û ei¾>ºðÛp%Çï=4`‹°Ëæi×+ó1)[ZÐúÆ/y/[yù©¯Ï‹µzdw:Âðt›(~æ“ÿmøüáæþŒì§?…ï;^wÿFY©ð{ÿõG#`Â—2Ø~öbÙ`HhxTEA”4ˆ^ªGdÜ2õ7\¹w
¶€ÔG~á{Ñ÷z*Ø^+Ø‚ø—‚.ƒñ'ƒ4X{0Xƒ8H^9¸ƒcÄƒ>R?„F%„D(‚Ex„ÁwƒHˆƒ¸„1Ø„NØ‚P…*8…TèzVx…«—…Zxl\Ø…Uõ…`H@b8†ÑR†fø*Ià™Ð†nø†p‡r8‡t‡H;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Trust Transitivity</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Trust transitivity</maml:title><maml:introduction>
<maml:para>Transitivity determines whether a trust can be extended outside the two domains between which the trust was formed. You can use a transitive trust to extend trust relationships with other domains. You can use a nontransitive trust to deny trust relationships with other domains. </maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Transitive trust</maml:title><maml:introduction>
<maml:para>Each time that you create a new domain in a forest, a two-way, transitive trust relationship is automatically created between the new domain and its parent domain. If child domains are added to the new domain, the trust path flows upward through the domain hierarchy, extending the initial trust path that is created between the new domain and its parent domain. </maml:para>

<maml:para>Transitive trust relationships flow upward through a domain tree as it is formed, creating transitive trusts between all domains in the domain tree. </maml:para>

<maml:para>Authentication requests follow these trust paths. Therefore, accounts from any domain in the forest can be authenticated at any other domain in the forest. With a single logon process, accounts with the proper permissions can access resources in any domain in the forest. </maml:para>

<maml:para>In addition to the default transitive trusts that are established in a Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forest, by using the New Trust Wizard you can manually create the following transitive trusts: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Shortcut trust</maml:phrase>: A transitive trust between a domain in the same domain tree or forest that shortens the trust path in a large and complex domain tree or forest. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Forest trust</maml:phrase>: A transitive trust between a forest root domain and a second forest root domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Realm trust</maml:phrase>: A transitive trust between an ActiveÂ Directory domain and a KerberosÂ V5 realm. For more information about KerberosÂ V5 realms, see KerberosÂ V5 authentication (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92699</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92699"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>

<maml:para>The following illustration shows a two-way, transitive trust relationship between the DomainÂ A tree and the DomainÂ 1 tree. All domains in the DomainÂ A tree and all domains in the DomainÂ 1 tree have transitive trust relationships by default. As a result, users in the DomainÂ A tree can access resources in domains in the DomainÂ 1 tree, and users in the DomainÂ 1 tree can access resources in the DomainÂ A tree when the proper permissions are assigned at the resource. </maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=1f6970c2-62d3-482d-a78a-451d4333f511" mimeType="image/gif"><maml:summary>A two-way, transitive trust path connects domains</maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:para>For more information about trust types, see <maml:navigationLink><maml:linkText>Understanding Trust Types</maml:linkText><maml:uri href="mshelp://windows/?id=6472046a-30dd-4dc9-92e0-450cebdafc90"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Nontransitive trust</maml:title><maml:introduction>
<maml:para>A nontransitive trust is restricted by the two domains in the trust relationship. It does not flow to any other domains in the forest. A nontransitive trust can be a two-way trust or a one-way trust. Nontransitive trusts are one-way by default, although you can also create a two-way relationship by creating two one-way trusts. </maml:para>

<maml:para>In summary, nontransitive domain trusts are the only form of trust relationship that is possible between the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>A Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 domain and a WindowsÂ NT domain</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>A Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 domain in one forest and a domain in another forest (when the forests are not joined by a forest trust)</maml:para>
</maml:listItem>
</maml:list>

<maml:para>You can use the New Trust Wizard to manually create the following nontransitive trusts:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>External trust</maml:phrase>: A nontransitive trust between a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 domain and a WindowsÂ NT domain or a WindowsÂ 2000 domain, WindowsÂ ServerÂ 2003 domain, Windows ServerÂ 2008, or a Windows ServerÂ 2008Â R2 domain in another forest. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Realm trust</maml:phrase>: A nontransitive trust between an ActiveÂ Directory domain and a Kerberos versionÂ 5Â (V5) realm. For more information about KerberosÂ V5 realms, see KerberosÂ V5 authentication (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92699</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92699"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>
</maml:list>

<maml:para>For more information about trust types, see <maml:navigationLink><maml:linkText>Understanding Trust Types</maml:linkText><maml:uri href="mshelp://windows/?id=6472046a-30dd-4dc9-92e0-450cebdafc90"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create a Forest Trust</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to create trust relationships between domains.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create a forest trust</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, click <maml:ui>New trust</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Name</maml:ui> page, type the Domain Name System (DNS) name (or NetBIOS name) of the domain, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Type</maml:ui> page, click <maml:ui>Forest trust</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Direction of Trust</maml:ui> page, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To create a two-way, forest trust, click <maml:ui>Two-way</maml:ui>.</maml:para>

<maml:para>Users in this forest and users in the specified forest will be able to access resources in either forest.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way, incoming forest trust, click <maml:ui>One-way:incoming</maml:ui>.</maml:para>

<maml:para>Users in the specified forest will not be able to access any resources in this forest.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way, outgoing forest trust, click <maml:ui>One-way:outgoing</maml:ui>.</maml:para>

<maml:para>Users in this forest will not be able to access any resources in the specified forest.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Continue to follow the instructions in the wizard.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you have the appropriate administrative credentials for each forest, you can create both sides of a forest trust at the same time by clicking <maml:ui>Both this domain and the specified domain </maml:ui>on the <maml:ui>Sides of Trust</maml:ui> page. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you want users from the specified forest to have access to all computers in the local forest, on the <maml:ui>Outgoing Trust Properties</maml:ui> page, click <maml:ui>Forest-wide authentication</maml:ui>. This option is preferred when both forests belong to the same organization.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you want to selectively limit authentication to particular users and groups from the specified forest, on the <maml:ui>Outgoing Trust Properties</maml:ui> page, click <maml:ui>Selective authentication</maml:ui>. This option is preferred if the specified forest belongs to a separate organization.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>In addition to creating new trusts, you can modify existing trusts by clicking the <maml:ui>Trust</maml:ui> tab.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=230ae7d6-352d-41d6-880d-f02052f6996c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Create a Realm Trust</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to create realm trusts.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Creating a realm trust</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using the Windows interface</maml:linkText><maml:uri href="mshelp://windows/?id=845f4f62-9231-44f6-ac76-572da9d09321#BKMK_winui"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Using a command line</maml:linkText><maml:uri href="mshelp://windows/?id=845f4f62-9231-44f6-ac76-572da9d09321#BKMK_cmd"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_winui"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create a realm trust using the Windows interface</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, click <maml:ui>New trust</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Name</maml:ui> page, type the realm name for the target realm, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trust Type</maml:ui> page, select the <maml:ui>Realm trust</maml:ui> option, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Transitivity of Trust</maml:ui> page, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To form a trust relationship with the domain and the specified realm, click <maml:ui>Nontransitive</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To form a trust relationship with the domain and the specified realm and all trusted realms, click <maml:ui>Transitive</maml:ui>, and then click <maml:ui>Next</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Direction of Trust</maml:ui> page, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To create a two-way, realm trust, click <maml:ui>Two-way</maml:ui>.</maml:para>

<maml:para>Users in this domain and users in the specified realm will be able to access resources in either domain or realm.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way, incoming realm trust, click <maml:ui>One-way:incoming</maml:ui>. </maml:para>

<maml:para>Users in the specified realm will not be able to access any resources in this domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To create a one-way, outgoing realm trust, click <maml:ui>One-way:outgoing</maml:ui>.</maml:para>

<maml:para>Users in this domain will not be able to access any resources in the specified realm.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Continue to follow the instructions in the wizard.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_cmd"><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To create a realm trust using a command line</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open a command prompt. To open a command prompt, click <maml:ui>Start</maml:ui>, click <maml:ui>Run</maml:ui>, type <maml:userInput>cmd</maml:userInput>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the following command, and then press ENTER: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /add /realm /PasswordT:&lt;NewRealmTrustPassword&gt;</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Parameter</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>netdom trust</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Manages or verifies trust relationships between domains.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustingDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the Domain Name System (DNS) name of the trusting domain in the new realm trust.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/d:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that the DNS domain name that follows is a trusted domain.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;TrustedDomainName&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the DNS name of the domain that will be trusted in the new realm trust.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/add</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies that a trust be created.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/realm</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Indicates that the trust is to be created to a non-Windows Kerberos realm.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>/PasswordT:</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the new trust password. This parameter is valid only if one of the domains specified is a non-Windows Kerberos realm.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>&lt;NewRealmTrustPassword&gt;</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies the trust password for the new realm trust. This password must match the password that is used in the Kerberos realm.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:</maml:para>

<dev:code>netdom trust | more </dev:code>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support. You can verify shortcut trusts, external trusts, and forest trusts but not realm trusts.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You can use other parameters to assign a password or determine the direction of the trust. For example, to make the previous trust a two-way, transitive trust, use the following syntax: </maml:para>

<dev:code>netdom trust &lt;TrustingDomainName&gt; /d:&lt;TrustedDomainName&gt; /add /realm /twoway</dev:code>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add User Principal Name Suffixes</maml:title><maml:introduction>
<maml:para>You can use ActiveÂ Directory Domains and Trusts to add user principal name (UPN) suffixes for the existing user account. The default UPN suffix for a user account is the Domain Name System (DNS) domain name of the domain that contains the user account. You can add alternative UPN suffixes to simplify administration and user logon processes by providing a single UPN suffix for all users. The UPN suffix is used only within the ActiveÂ Directory forest, and it is not required to be a valid DNS domain name.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To add UPN suffixes</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click <maml:ui>Active Directory Domains and Trusts</maml:ui>, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>UPN Suffixes</maml:ui> tab, type an alternative UPN suffix for the forest, and then click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat stepÂ 3 to add additional alternative UPN suffixes.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in Active Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>UPN suffixes should conform to DNS conventions for valid characters and syntax.</maml:para>
</maml:listItem>
<maml:listItem><maml:para>You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Module for Windows PowerShell</maml:ui>. For more information, see Add User Principal Name Suffixes (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=137827</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=137827"></maml:uri></maml:navigationLink>). For more information about WindowsÂ PowerShell, see WindowsÂ PowerShell (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=102372</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=102372"></maml:uri></maml:navigationLink>).
</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Domains and Forests</maml:linkText><maml:uri href="mshelp://windows/?id=ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Raise the Forest Functional Level</maml:title><maml:introduction>
<maml:para>When you install ActiveÂ Directory Domain Services (ADÂ DS) on a server running Windows ServerÂ 2008Â R2, a set of basic ActiveÂ Directory features is enabled by default. In addition to the basic ActiveÂ Directory features on individual domain controllers, there are new domain-wide and forest-wide Active Directory features available when all domain controllers in a domain or forest are running Windows ServerÂ 2008Â R2.</maml:para>

<maml:para>To enable new forest-wide features, all domain controllers in the forest must be running Windows ServerÂ 2008Â R2, and the forest functional level must be raised to Windows ServerÂ 2008Â R2.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To raise the forest functional level</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click <maml:ui>Active Directory Domains and Trusts</maml:ui>, and then click <maml:ui>Raise Forest Functional Level</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Select an available forest functional level</maml:ui>, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To raise the forest functional level to WindowsÂ ServerÂ 2008, click <maml:ui>WindowsÂ ServerÂ 2008</maml:ui>, and then click <maml:ui>Raise</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To raise the forest functional level to Windows ServerÂ 2008Â R2, click <maml:ui>WindowsÂ ServerÂ 2008Â R2</maml:ui>, and then click <maml:ui>Raise</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="caution"><maml:title>Caution </maml:title>
<maml:para>Do not raise the forest functional level to Windows ServerÂ 2008Â R2 if you have or will have any domain controllers running Windows ServerÂ 2008 or earlier. </maml:para>
</maml:alertSet>

<maml:alertSet class="important"><maml:title>Important </maml:title>
<maml:para>After you set the forest functional level to a certain value, you cannot roll back or lower the forest functional level, with one exception: when you raise the forest functional level to Windows ServerÂ 2008Â R2 and if ActiveÂ Directory Recycle Bin is not enabled, you have the option of rolling the forest functional level back to Windows ServerÂ 2008. You can lower the forest functional level only from Windows ServerÂ 2008Â R2 to Windows ServerÂ 2008. If the forest functional level is set to Windows ServerÂ 2008Â R2, it cannot be rolled back, for example, to WindowsÂ ServerÂ 2003.
</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ADÂ DS, or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>WindowsÂ ServerÂ 2003 is the minimum domain functional level required for raising the forest functional level to Windows ServerÂ 2008. Likewise, Windows ServerÂ 2008 is the minimum domain functional level required for raising the forest functional level to Windows ServerÂ 2008Â R2. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Before you raise the forest functional level to Windows ServerÂ 2008Â R2, verify that all domains in the forest are set to the domain functional level of Windows ServerÂ 2008. Note that domains that are set to the domain functional level of Windows ServerÂ 2008 will automatically be raised to Windows ServerÂ 2008Â R2 at the same time that the forest functional level is raised to Windows ServerÂ 2008Â R2.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If you are not able to raise the forest functional level, you can click <maml:ui>Save As</maml:ui> in the <maml:ui>Raise Forest Functional Level</maml:ui> dialog box to save a log file that specifies which domain controllers in the forest still need to be upgraded to a later version.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The current forest functional level is displayed under <maml:ui>Current forest functional level</maml:ui> in the <maml:ui>Raise Forest Functional Level</maml:ui> dialog box.</maml:para>
</maml:listItem>

<maml:listItem><maml:para>You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Module for Windows PowerShell</maml:ui>. For more information, see Raise the Forest Functional Level (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=137826</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=137826"></maml:uri></maml:navigationLink>). For more information about WindowsÂ PowerShell, see WindowsÂ PowerShell (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=102372</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=102372"></maml:uri></maml:navigationLink>).
</maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Domains and Forests</maml:linkText><maml:uri href="mshelp://windows/?id=ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding When to Create a Realm Trust</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>When to create a realm trust</maml:title><maml:introduction>
<maml:para>You can establish a realm trust between any non-Windows KerberosÂ versionÂ 5Â (V5) realm and a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 domain. This trust relationship allows cross-platform interoperability with security services that are based on other versions of the KerberosÂ V5 protocol, for example, UNIX and MIT implementations. Realm trusts can switch from nontransitive to transitive and back. Realm trusts can also be either one-way or two-way. </maml:para>

<maml:para>For information about how to create a realm trust, see <maml:navigationLink><maml:linkText>Create a Realm Trust</maml:linkText><maml:uri href="mshelp://windows/?id=845f4f62-9231-44f6-ac76-572da9d09321"></maml:uri></maml:navigationLink>. </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual>GIF89aãº¢ÌÿÌ™™fÌÌ™ÿÿÌ™ffÿÿÿ,ãºÿXºÜþ0ÊI«½8ëÍ»ÿ`(Ždižhª®lë¾p,Ïtý
v®ï|ïÿÀ“`,-rÉT
ŸÍ¨tú€R¯XÊ“˜ízw[åw<
sÉè4*¬nÍV·|~Óï5øÏÇëÅ}k€‚†d‡Š"„q‹e„“[”˜G–…™
›{ž¢y £ž Ž¦ª.¨«”¨—®²)°œ³}µ¡·»¹¶¼r¾ºÀÄ¾ÅwÂ©ÈÌUÂÍmÊ±ÐÔŸÒÕˆÒÃØÀÚÛÜMÞËà»âäWâÓç·é¿ëoíîï§ñóKñãöøúFøêý2ý“ÆÀo$˜ðÆB†
ýŒ˜ãa>ŠbœaÿàÆd?ÂèxQd’M2B™R¥–.i±,ËLˆ53Ül™3ÊNœ=µüÔßÎ¢†ÒDjô'Ó
J=>Õuj¥¨<êÀšu*×¥Z+r
+á«T²[Í¢uf–èZm»öm’¸vÐ=»Ã@¿$^´×ËÂ|_^üÅ`‚3î]‹¸®ŠÇ9d±yAd:•åšmÙq¿ƒQfì9òbÔX¿Ž ›ul˜?°m{·îÞ6H‡%˜EfØ¸S{Æ½\9sæÎO/ß
aõtêÊ÷AÜ0Æî¢Klî[¶ôçÔ¡_¿ý¼szòé[×Ží^xï
ï‡ç,üæíÿèe·ÞuÖAöZº§›oiu÷”~¥ÆžÓ	`s^{ía¨z nÈ‘~LA¸ß_³i(}©!—‚
þöf+¾Xcy7dbQ&F˜—N;öÔcq?r0$~ïId‘WY“’>2	”'’Ce”R6p¥JW.™å”]ŽÖe•RŽI&4fbY¦™¥éåÄ)çœâ&’ÌÜùftöéçŸqF£gDzªÙ tF€èœcz&/ŽZ¢"šE¤Eºg®Ð©šâYN¨¢ºÐçŸRª>¤JªÂ©:XD«ö´ºi°þk¶–jJ¯·¢°ëŒò¬¯¢û(ÿÃ.Q¬XÇZ©ì²<{…µ#FËÍ´Á2+çØŽÄí¶ÜR‹A¸] »B¹æ>Â®«¨ëE¢•KÍ»Ýf /¸ßÞõ.šø¶A¿xìW„!˜Ry¯¢B¯J-l±°ðQÅ8Ì†	Ë2Tgl2Æ&g¼ñLÄuàËbUÂÈs¼’Ë(§,XÊ*'Ì2¤ÁÌóÐ<Ãüs¥O’ôÁ?½&ÀÎEç|²Ï(úÏËDgõÐ/[„t™,TÐX«üÔ:sMuH³\öÖpÇöÚü|`3%w9PÙYÓý¶Æ(@×µÎbr'®øÜÿØ-6&yâŠÓ=Äßÿ‚0xÔ–·ãŠ8”/.úè€w®Œ¾<¶êuþwâ>¯|9Æ‚ ùæD/Ö¸*Þ¼Núï•›~Œý²¾:Ø€î{å— ûÓ·Û®¹Ô¹?¯Í¯Ò,üör[ÿLßFî‰øei£ýâ± þÊÒ=ìÂç2Š2çso?ÜÞ×~³¦&ýÔÛ^úÔ·¾ËEï}ÁK=rQ¿û9pkùkÅø§
ÿ9€4ÛÓX@èMè‹_)’eð„¤¡%$à'^OK¾h`
›ÇÁØpz¿‹à_Q¢ð‡:Sa" FÁþYP/%àcg€ðƒƒS"ó®1	ñŠ¢¢ÿ&«[‘RtàÚÓÁö-fzaŒ›QEXø‹pÜ÷@)pXŽ–ÓÝw;O‹vp*ÒÇBmx©£2zHH1ZÏ†PDc#ñÈ)d†Ìd÷I(L’‰p0ã
'©FNÂšL%þLTfrŒ~;`æpg¿J>Ì'žT¥.sÇÊZåò“fcôÚçÇûÙR`Høå.—y2ùeJ™…ìÜÆ¤7K³—n@…	™ÉM
ê¯•  å	…w >öQœ°s&HÂÙÍvj›vÅ6U);aš(<&²Te	tº‹Çd4SÉ>HšÓŸèƒg£ØùÏv>Më¨.ŸGÿÌ(â¢jpeCU¶L}&‰¡ÿ´§EãøÐofT¢ÜÜÙ3XR“’¤!…$B¨P› t—˜›)÷<O˜nô@©l),NrSzJí¨:ýP%ˆ
nôd8)¨œÊÌ·],ˆ¯œãêƒ®n`A1 êS™¹Ô¾D¬=ä¬šÔ„*ô@ ðªþó2
ÈÕE«&õ¹OR u¯HÕõV:Cž'DvMA}îZcüU¯ô4,bØÑÁ6"§Wäë6ÆÓœÕüÆ5æ±Ñ‹û™V5ñi‘jÀzÁæ³
Õì¥îhÔ¨ùtž',ëP!ÓŸÖ(µ‚‘Š8„ Þ&ç·"’+e˜3¨ÿv§?Ôl_ÅåZzªm9…-©xØw6êxE¤¡Å®G;4*_us¸×=WH\n¥;Ùåjòiî%ç`©™Ùëu;çýozµ“!à’¹Ã-íì;ºJñ½Õënå»Dî†CÚ]Ió«°ýž³¿þ
°/d¡ñ
×¸ï¡ˆ“‹X`ø˜°Õ&ãZ†˜	ôSeK)DüFíž&šn]Z…ˆ7Ÿ
‘Œ£·È¢=nkœÅÙEo4ñ•wê¿8¨t›0GƒxÏbÎ×†£²[œ¶ ¶•jÆ2ð†¼ÛdšÌg;[«	d J×’¼{‚œòªµ<^9ÿso^ë~Ý¼=:×¹)9¾oÂTê3K¸ÌŽ®çV:Ý6øÕóÍÜà`.š¿Ü4<î,iËA¾;ÃtÅ,ÆzZÐ}êg›WPÀñ‘–…õÛ¨]j®šÕ™|Zõž`BYßÎÒ,ý³°·@B§õhüÂÒ×f¤©ª¹s8ÀnwÛ²†pâÝéE¹ûÝðŽ·¼çMïyv×$à†oHì*op©¢$õâØQ0´#Èj„ HËLëh£¢Þ¸Ä'Nñ9]ßMtâÃê|;ÎüN*ÁœÉ½R‰yL7Âµ6r\Wüå0¹Ä±l:oÛÇ¸Í
šsÑµœÈ%ÿÇÇÊÞc…•YÝ—¶$xOº”/cÈÅqòÜšIŸˆÁ…NPÚÎèçúÖ~.UÉ˜aÐë"~Žó(Ž´ØU—z$gJv’‡õ b'úÔÎ–iCÖ½ì ¹Z±Ï&w·÷ÝddûÆ%©a¥Ñ¯xo§Ló~n¶)b!þ¤è4ùÅ™Â²ðgÄçº¿ôl=„òY|MdarIÌ'”¢m‡¢çM}õ>o’$:²ê¬Ë¿[ASû#eÙóàå1öÃœ$é7a”ì²óýù@qúM¤|ž½¶ÁÎmT}ù+¤®ó¡EéwøÕu‡ŸÈç~ß~vÜ·]5	iþÓÕ‹%Ïjÿý§?‡›(ÿått…µVk5L¶—5ûgpÑ4äçpUavé·JX€G‡m¡4yˆ€à÷h23
È=Û÷€ýÇ€”¤h|w€H{í‡u&“€üW_‘Ëä‚ãvRX‚y¶G¢Ç\&ˆn¥D!È0ˆH§WkÄ1‚B„ÝK;hL°¤ƒÃ¤xA1m!ƒ~·ÆfƒDø'Hyõƒ…†…¿w3qQ„Ý„t¡…1¸„³ó|F4¸;$PfØ{G8hP2:x4y(†YÈ4¡Q‡Wˆrøt¨|€õv<ƒ†“A†¤Aˆåw‡iˆˆ‘h…èó‡÷‰ÄÁ‡¥GAÒ÷!‰@ÿäˆÂ16=â‰:ŠN"Šú¡ŠÜämC‚ŠJ¢;É&‹c2[©HŠ¤ƒ‹JÒiÒ5Ô†¬È&õ%¶èw¾¸%$S(FÃlCÓa1³*‘0&Âè@ÄH‰¡Ø:½3ÞhˆÄQzòŒ¯Š6š"90¸ÔßH8ÊÒ$ëˆ/^6ÿRöè18–÷¸`üè0vöìâÉŽÇVãi@°ôÈ9
‘ö2e)‘¼r‘éb‰‘[×‘ÓÂ‘ ¹‘
2’Ú‚D&I’—’Àò%$Ä’!é’29“4Y“6y“8™“:¹“<Ù“>©XÀX1 ”?édLD9	0óU" ZIÿ	”h±”ÀX
rOÉ”²WY`X9b6°•*–TÙXôÑá¥•·áZj9Z,òÄÅ"reVZŸu–d‘.¢ZPF—Àqd ‚d|Y^µ± `©¹\á'–•ŒY!§E˜¿E!oÑ"ŠÙ]%Öò˜™Y^ù_²^’‰`†X¹a˜)b˜Ÿ™b	bZGù”ù¢Yd{9#ç‹é™ãÅ•ª0›þÑ˜¥I^–•ei`ÁÉb¶Y™+–˜Á™(F›Å…œ¬9Ñùš£à›	¢"Á	—¤™Æ¹šÀ›Q¹œ·—ð˜â!fbºIœ¡Iœ©‰š#æ”ÉÙœ~yšoÎydwéža›…YœMÖ—(&š‚™#©¹–¼Yši‡Y”F9”Lñ—	Z
ê êj¡º¡Ú¡9™¡ª ªp¢WP¢&ÚUü™¢G0›,:‹y—«5—²ÉZ/:W§%£ že£_²™«yžrž7ªåÉž¦‰¤4	¤JJŸÔY¤‘žM*C:¡?Â¤OŠ¤	¥€¥À©›Dš%¤dš¥\Ú¥q9¥ßé•2‰¢tIš¡¦gjnÊ£pª`l:§zº§|Ú§~ú§t;GIF89ažŸ÷3f™Ìÿ3333f3™3Ì3ÿff3fff™fÌfÿ™™3™f™™™Ì™ÿÌÌ3ÌfÌ™ÌÌÌÿÿÿ3ÿfÿ™ÿÌÿÿ3333f3™3Ì3ÿ3333333f33™33Ì33ÿ3f3f33ff3f™3fÌ3fÿ3™3™33™f3™™3™Ì3™ÿ3Ì3Ì33Ìf3Ì™3ÌÌ3Ìÿ3ÿ3ÿ33ÿf3ÿ™3ÿÌ3ÿÿff3fff™fÌfÿf3f33f3ff3™f3Ìf3ÿffff3fffff™ffÌffÿf™f™3f™ff™™f™Ìf™ÿfÌfÌ3fÌffÌ™fÌÌfÌÿfÿfÿ3fÿffÿ™fÿÌfÿÿ™™3™f™™™Ì™ÿ™3™33™3f™3™™3Ì™3ÿ™f™f3™ff™f™™fÌ™fÿ™™™™3™™f™™™™™Ì™™ÿ™Ì™Ì3™Ìf™Ì™™ÌÌ™Ìÿ™ÿ™ÿ3™ÿf™ÿ™™ÿÌ™ÿÿÌÌ3ÌfÌ™ÌÌÌÿÌ3Ì33Ì3fÌ3™Ì3ÌÌ3ÿÌfÌf3ÌffÌf™ÌfÌÌfÿÌ™Ì™3Ì™fÌ™™Ì™ÌÌ™ÿÌÌÌÌ3ÌÌfÌÌ™ÌÌÌÌÌÿÌÿÌÿ3ÌÿfÌÿ™ÌÿÌÌÿÿÿÿ3ÿfÿ™ÿÌÿÿÿ3ÿ33ÿ3fÿ3™ÿ3Ìÿ3ÿÿfÿf3ÿffÿf™ÿfÌÿfÿÿ™ÿ™3ÿ™fÿ™™ÿ™Ìÿ™ÿÿÌÿÌ3ÿÌfÿÌ™ÿÌÌÿÌÿÿÿÿÿ3ÿÿfÿÿ™ÿÿÌÿÿÿ!ùÿ,žŸÿ¯	H° Áƒ*\È°¡Ã‡#J,`¢Å‹3jÜ(ÀªŠCŠIÒ¡G%Sª\‰Ñãª,cÊœyÐ%Lš8s–´ù¥ÎŸ@'ò¼´¨Q…C{]ÊôZÒ—D›JÍùT)PŸSV…Š•"€¯]i~Í:r«U„>ÃÊK–£Y®	±¢;lEºuÙ:íˆ× Hµm#¾=ë—bÇº‡ï5¼xnMÅ-†û˜à_Ä‹3ÏÅ{2fÀ‘N&l™±cÍŸS£öj7´P¨°cÇ›scÛo¯.mÛµIÙÀewµ+WïiÍœçíûwðçQ›K¯	½:èé¾G¿Ž=²öàÜ»“ÿý¾]<vòàÍ7Gÿ<¼z£ìÓ¿¿ýü¶õåß—šßþþ¦ýé÷|Ähà¨àAVX±àƒ×4è „J8!…÷YØ †ói¸!‡êyø!ˆØ‰8"‰Í‰ˆbw®È¢†.–8„1ŠGc/^ˆcŠ'îèÛ>þØc‘Id‘CI–‘J.™d“R1	e”>9eP-^ÙT–Zeb—^~	f˜\Ž	”ŠfUfšgJÉ¦Nn¾	§œK¹GgJ'ÝyUtz®EYŸ3Ùd' 
5(¡¯	‡¨JOº¨såQ5¦Y´µ¦“¥$¾Esbõ†á`Ë1×Wk}9e_z‰šiu¤e–ØiÇ…ÿšÛp˜R¨\¦©¶›¥³æé‚ßÕÆ¬¸)÷ê¯ÂBH^²»{ì³Çõæ¨tèmVª©±â–Üny]«`|Ó"Z_¸„æG®žý{g€ê¾`«úÅê¼|Æk½ô¶æ»³Ù+/¾ùú{/Àøê;%¿Š
ŒàÂ(ðÃïY	qFqNŒ‘…‹´fÆ¡ÉñÅ,‘‰:ŠüPÈ&CcÊ¯ÌrDVürC2Ï¬PÍ6'„sÎíÌsA>ÿ,PÐBG(qÑ-´Ò<3Ýt•%#ôÆRÏèrÕVS]4ÉQW-&ÖS_
öÐbMöÑ^£u×f·-šÛòüqžpwô§Û‚Öm(Þ	›ŠÝ¨ßþšæV•z+–ájê«g‚ÿ
,«¡jkí]©n‹í¦1N†ë°ºF{X¶Œ8Úæ;‹ÜX sºjÀžöÚ,j©;n+ÀÌ‚n;b±K;;Á“—úä¯û…ø~ìÉ-'¸6û²¹,³›²ó"ók|—O0ÁÖeŒðÝ
cùÄÛÃf=‘ásÿhÃè3ÌT@;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Trusts</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Trusts</maml:title><maml:introduction>
<maml:para>A trust is a relationship, which you establish between domains, that makes it possible for users in one domain to be authenticated by a domain controller in the other domain. </maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Trusts in WindowsÂ NT</maml:title><maml:introduction>
<maml:para>In the WindowsÂ NTÂ 4.0 operating system, trusts are limited to two domains, and the trust relationship is nontransitive and one-way. In the following illustration, the nontransitive, one-way trust is shown by the straight arrow pointing to the trusted domain. </maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=218c5e4d-e17e-4dce-8fa8-d37ff02fe8bb" mimeType="image/gif"><maml:summary>Direction of trust path</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Trusts in WindowsÂ 2000Â Server, WindowsÂ ServerÂ 2003, WindowsÂ ServerÂ 2008, and Windows Server 2008 R2 operating systems</maml:title><maml:introduction>
<maml:para>All trusts in WindowsÂ 2000Â Server, WindowsÂ ServerÂ 2003, Windows ServerÂ 2008, and Windows ServerÂ 2008Â R2 forests are transitive, two-way trusts. Therefore, both domains in a trust relationship are trusted. As shown in the following illustration, this means that if DomainÂ A trusts DomainÂ B and DomainÂ B trusts DomainÂ C, users from DomainÂ C can access resources in DomainÂ A (when they are assigned the proper permissions). Only members of the Domain Admins group can manage trust relationships.</maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=938e20ba-8457-4f6c-83a0-e428a15c3e70" mimeType="image/gif"><maml:summary>Transitive trusts in a domain tree</maml:summary></maml:objectUri></maml:embedObject></maml:para>
</maml:introduction></maml:section><maml:section address="H2_53862376">
<maml:title>Trust protocols</maml:title><maml:introduction>
<maml:para>A domain controller running Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 authenticates users and applications using one of two protocols: the Kerberos versionÂ 5 (V5) protocol or NTLM. The KerberosÂ V5 protocol is the default protocol for computers running WindowsÂ 2000, WindowsÂ XP Professional, WindowsÂ ServerÂ 2003, Windows ServerÂ 2008, or Windows ServerÂ 2008Â R2. If any computer in a transaction does not support the KerberosÂ V5 protocol, the NTLM protocol is used.</maml:para>

<maml:para>With the KerberosÂ V5 protocol, the client requests a ticket from a domain controller in its account domain to the server in the trusting domain. This ticket is issued by an intermediary that is trusted by the client and the server. The client presents this trusted ticket to the server in the trusting domain for authentication. For more information, see KerberosÂ V5 authentication (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=81795</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=81795"></maml:uri></maml:navigationLink>).</maml:para>

<maml:para>When a client tries to access resources on a server in another domain using NTLM authentication, the server that contains the resource must contact a domain controller in the client account domain to verify the account credentials.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Trusted domain objects</maml:title><maml:introduction>
<maml:para>Trusted domain objects (TDOs) are objects that represent each trust relationship within a particular domain. Each time that a trust is established, a unique TDO is created and stored in its domain (in the System container). Attributes such as trust transitivity, type, and the reciprocal domain names are represented in the TDO.</maml:para>

<maml:para>Forest trust TDOs store additional attributes to identify all the trusted namespaces from its partner forest. These attributes include domain tree names, user principal name (UPN) suffixes, service principal name (SPN) suffixes, and security identifier (SID) namespaces.</maml:para>

<maml:para>For more information about domain trusts, see Trust Technologies (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92695</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92695"></maml:uri></maml:navigationLink>). For more information about trust relationships, see Designing a Resource Authorization Strategy (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92696</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92696"></maml:uri></maml:navigationLink>). </maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding Trust Direction</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Trust direction</maml:title><maml:introduction>
<maml:para>The trust type and its assigned direction affect the trust path that is used for authentication. A trust path is a series of trust relationships that authentication requests must follow between domains. Before a user can access a resource in another domain, the security system on domain controllers running Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 must determine whether the trusting domain (the domain that contains the resource that the user is trying to access) has a trust relationship with the trusted domain (the user's logon domain). To determine this, the security system computes the trust path between a domain controller in the trusting domain and a domain controller in the trusted domain. In the following illustration, the trust path is indicated by an arrow that shows the direction of the trust. </maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=218c5e4d-e17e-4dce-8fa8-d37ff02fe8bb" mimeType="image/gif"><maml:summary>Direction of trust path</maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:para>All domain trust relationships have only two domains in the relationship: the trusting domain and the trusted domain. </maml:para>
</maml:introduction></maml:section><maml:section address="H2_53855779">
<maml:title>One-way trust</maml:title><maml:introduction>
<maml:para>A one-way trust is a unidirectional authentication path that is created between two domains. This means that in a one-way trust between DomainÂ A and DomainÂ B, users in DomainÂ A can access resources in DomainÂ B. However, users in DomainÂ B cannot access resources in DomainÂ A. Some one-way trusts can be either a nontransitive trust or a transitive trust, depending on the type of trust that is created. For more information about trust types, see <maml:navigationLink><maml:linkText>Understanding Trust Types</maml:linkText><maml:uri href="mshelp://windows/?id=6472046a-30dd-4dc9-92e0-450cebdafc90"></maml:uri></maml:navigationLink>. </maml:para>
</maml:introduction></maml:section><maml:section address="H2_53856945">
<maml:title>Two-way trust</maml:title><maml:introduction>
<maml:para>All domain trusts in a Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 forest are two-way, transitive trusts. When a new child domain is created, a two-way, transitive trust is automatically created between the new child domain and the parent domain. In a two-way trust, DomainÂ A trusts DomainÂ B and DomainÂ B trusts DomainÂ A. This means that authentication requests can be passed between the two domains in both directions. Some two-way relationships can be either nontransitive or transitive, depending on the type of trust that is created. For more information, see <maml:navigationLink><maml:linkText>Understanding Trust Types</maml:linkText><maml:uri href="mshelp://windows/?id=6472046a-30dd-4dc9-92e0-450cebdafc90"></maml:uri></maml:navigationLink>. </maml:para>

<maml:para>A Windows ServerÂ 2008 or a Windows ServerÂ 2008Â R2 domain can establish one-way or two-way trusts with the following domains and realms:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 domains in the same forest</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 domains in a different forest</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Windows ServerÂ 2003 domains in the same forest</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Windows ServerÂ 2003 domains in a different forest</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>WindowsÂ NTÂ 4.0 domains</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Kerberos versionÂ 5Â (V5) realms</maml:para>
</maml:listItem>
</maml:list>

<maml:para>For more information about the KerberosÂ V5 protocol, see KerberosÂ V5 authentication (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=92699</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=92699"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Enable or Disable an Existing Name Suffix from Routing</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to modify the routing of the existing name suffixes.</maml:para>

<maml:para>Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forests that are joined by forest trusts. To simplify the administration of authentication requests, when you create a forest trust all unique name suffixes are routed by default. A unique name suffix is a name suffix within a forest, such as a user principal name (UPN) suffix, service principal name (SPN) suffix, or Domain Name System (DNS) forest or domain tree name that is not subordinate to any other name suffix.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To enable or disable an existing name suffix from routing</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Active Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain node for the domain that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, under either <maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui> or <maml:ui>Domains that trust this domain (incoming trusts)</maml:ui>, click the forest trust that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Name Suffix Routing</maml:ui> tab, and under <maml:ui>Name suffixes in the x.x. forest</maml:ui>, do one of the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>To enable a name suffix, click the suffix that you want to enable, and then click <maml:ui>Enable</maml:ui>. If the <maml:ui>Enable</maml:ui> button appears dimmed, the name suffix is already enabled.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To disable a name suffix, click the suffix that you want to disable, and then click <maml:ui>Disable</maml:ui>. If the <maml:ui>Disable</maml:ui> button appears dimmed, the name suffix is already disabled.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>When you disable a name suffix, all children of that DNS name will also be disabled.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You cannot enable a name suffix that is in conflict. If the conflict is with a local UPN name suffix, you must remove the local UPN name suffix before you can enable the routing name. If the conflict is with a name that is claimed by another trust partner, you must disable the name in the other trust before it can be enabled for this trust.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change Forest Dialog Box</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Root domain</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Displays the fully qualified domain name (FQDN) of the forest root domain that is the current focus of the ActiveÂ Directory Domains and Trusts snap-in. To change the focus of the snap-in to another forest root domain, type the full Domain Name System (DNS) name of the other forest root domain here. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Save this domain setting for the current console</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Specifies whether to save the current domain focus for the given snap-in. If you select this option, the next time that you open the snap-in, it will focus on the domain that is listed here.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual>GIF89a½¢ÿÿÿÌÌ™ÿÿÌ™fffff,½ÿ°þ0Ê©7ëÍ»ÿ`(ŽdižÓ ÐB©l|ºrkMkï|ïÿÀ×G‹ÐŠA ÒcZŽ9˜jhKZ¯Ø¬6¶t]ÐoczénYÓç-^«TøyN¯Ûi§¾2vcªeqw%KP{^}bƒŒŽr‘†yM8‚…~—žˆ‡)™š¤¥¦5]“H©+fŸ§œ{«CT“˜°¹º»›‚ª¶µ€f®¼¢¢Š6lÉÇ£ÅÎÏšÃQqM–|pÖÐÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
H° Áƒ{¤YÈ°¡Ã‡#JœH±¢Å‹3jÜÈ±ÿ£Ž CŠÄ8 ¤É“(Sª\É²¥Ë—0cÊœI³¦Í›8sêÜ¹rž@ƒ
µ¹`¨Ñ£H“*]Ê´©KŸN£JíùsªÕ«X³jÕ
u«×¡E¿ŠK¶,Ù®fÓÆ«¶Û·pg¢—-Ý»xóŽ«7Ý¾€6Êwð×¿†+^Ì²0ã«ˆKžØ1e§‘/kÞì÷ç©™?‹mÕ2i°UO«^ÍÔ4ë¡_ËžMÓ5m¢©oëÞýÔ3oØ¹ÿm{øÓàÆ“Ë.®\eìæÐ73nò9õëŒ§_·Ž½û`íÔ¹{¯|tñäÓ×õ%úöðÍš‡þ>¾ýÃìí×¿Ïëüæÿûõ'`Tÿ)à€*U`r&è XùÅ×àƒÂ!|V¨!Q¶—á† ®Õ¡z†hbc#¦Wâ‰,ž´ q+¶Øâ‹ÃÅ(ã‰4
gã!æHr<	“¼í(d…Dîfä‘&©Û’L&èämPF9à”´UieXÎ¦å–÷uY•‘	&“bÊ%€™y}yfSl–¦L¬©˜›'ƒvêDáÔŸ€ª)@ŸßíI˜
YYW§¢+ý9¡c"j¡…–•$¦™¾Tç¡¾…§{.ú·ç£—R*§tj©LœvºWŠ5Å*«s®‚*g¨A—%1
lulý:lJU±ùé«ÿ.Å:©³žºÊë¶VkíµØf«í¶Ü^ÛÒ²º&Z©üZnuè’kn°Î±Û˜´1u+ï¼ôÎûm®ÌªTï¾üöë/¦¸â›/^£–j°¹ëžì°	™ì»¹²ùïÄsÛ¾¼V¬ñÆüBŒ±¸ ©‹nÃî*L²{S\1L·ü¯Ç+Ï¦´Òdë½‡[æ¸é*|îÉëžlpÉ.æéÌ€ÝóÇ6«J³ @±ŠsÎÓU0±Ç.üpÉÆ†%tÏ>WGuÕ)¼ªÙS<I’ÊW³Ìm?5¶ÎåÍ¸LÃzk^N§mtvo67¼}]]×àv‹†·Ú€C-ÕâžøeÇ¬ãàÿt¸P•GÞæä“un¹’˜.çæ½–ž¹Õ ?&zÞOªN6Á¨óô:ãŸ“®zë®Ë¾záµÃæûì~ñ~çðÆï{ò[ÍéÞð¿»e¸ZÜûrÐ—óECÏ<fßV}öáWFþéŽ/µÁåçUÀøÞà¥Fš§ŸÖûò³.ÛûåþõK\X—öÑ…€7AàuXžàe'TËôÄÁšT°9\ÔRf*Ädp/|Ëg2Âá”P‚¾ÉM¿54“œ++¤Þû„òBÉL®†gI!¹ÊU,`eíXÉÊØX‚ÃÒÄÐ,E„IÇ(ÿ d‰ÍÓáÁÒõ5wm-lDk	ÿátD²lÑ%3l‹
ˆüùOƒÄâ×Ø³&²q‡B<‰‹7š/¾$Œ~QW‹òÃbiMY*™£Õ¤HÅBrí&¢µhG=uñ+#5Eª µYVT¤&KI8Òg–Dd(ÖÂ=u²WôÊ$“rJÎUÒ ÄÚÖH¹Ã@®…l"Ö.É5†!Yq\I+ó™[²Ò˜Í{e&EiHZ¶Ð–gÄe3ÌœLp*Õdd4½2ÆXz3‘Ëtæ&åˆÌYÙ¯/ÙÄÍfÒ©Í³è’‡BëÚ,5ÉA"–?çDç=	”Ê«°S’Û¤Î?uÂ=§tHýÄæ>—rPÊ4”CùßBÕ—ÿÐ¨<´ã¹¨\ès2µg@£ROq´£EÊ5•RR‘’§¥(Š¨`ZºR¤ÀÔ¥M)fN*Br®¢,õ©TðTÃÜÔ=<íéH”Ðöýä¨`D•w„ª ¤Šj©IÉL=™è¨5Qµ4Ú«‘9§Ù»Šjõ™pg°¼º=Óm'¬±ªáŠÊžèQžðt‘áI&qŠ-zgqkxèZU™
fYMí«2ÁùÍfÒóÈ¬|® ÉBF®~±,SíZªP~Ó¿,¥Ê4+¼Õ|¤%f5EÙÍ¶«³°ôì<³H´¾¶¶´ž«ìèü³ÚÀî–¢œ]&ce+\‡¡µ\¹mÉÞR-ªÿ1qîÕ[ÜN·5}}'yÉ×â:²kun³¢›´,¹ú"ï³Ô{Þß‚¦ºÜÛ#kjMù²Dj;AÚ_í)óF¿‘EïãàÛ<þb·pˆ+€oRçÍ
HJSLƒÛ{Ý÷¶M	>py2\—e+¼¦–‡Gü2‹—·&Xˆ³zZœXï'$Î–õtã÷«{F1Y[º#Ò·R»c›U5cK
ùÈ6qŽKC`ÈÈ.†?®Í“Q²àTá·È™«rÒ<c ´5SvÕ§`öZ™¼XÎ—×kfäÙÂ;FðòÄ<À4“©ÍM»Uš£‡g½ô-ÀopŠÛ:gpÿÏ„M÷tfÕZzçSi‹eÂ¿Hƒ†~Y²´'=×EKz€ÕÃ4¨±:D€Ôœk2?3òi”¢Z1PmžF^m;U¿&Ê8µšNbÍ³œ4ôË¥ž4FQLìÆ‘×ß-¶±¡WN‡GØÂüêŽ«>´"»–fÕä@]íÃ@;%ìôÕ.ÿ˜×q›,˜â~¢´»ÝÆ=þˆ{í.™U['{‚ÝD
×=í)z—¶³Åâ"ÁÍo•Šìß¯"µ9YðoÙ“j5xÄo‚k6ü)n»½Ú,’éÚ	-}Ùñ‰§“Ûé.wwû4t/Üšßf8™ñ7jüæÏ4ÓµÓM\võ\à@ÿ§7„œ
›šÿ9GúVëJÁ‹{jh?£ÍÁ'dç;êÞT8¯ª‰r£V–§º#ÇâtOAv»G'¹3—í™STˆhÏ:ÉûGE
³ëþÆ¹ÔKžïŸ6]9 ¿K+ñ~ôÂgï/w1´_ÆÇå”(?{¼¦vEöéZq|ãË~šNrû3ôÕü¾ÝÎ›H~þn-ýý8OšFž^:§U½I¿;¾^3×”}[t¿úê¹øáª¹ZUx¿ûÆ\ðRðOS°G¥ÉkânO¹T:ŸöÉßñX‡>óMw‹ò+ÿûê"¸¶ÿñé¶Þ³‡Ôÿî˜v°îí
ÿú
äã
«¨þŒ–1%$Òþ7~ö~'&"ûÇ P¶€äÑ9ìç[	ØËGZ":xÈ'K6$l
òH‚
h`&Õ€0B·³„†‚ƒh\b@/67x‚˜£(ÔGPÒeö×hT"„3Ø5¨'DHIxkd¦¨"NUhçÑ„™&…EH	GT¨„VÈ„žv…L…Š¶…H†«ajNHƒü±#hÈ…fÈ|¢æ!¨8ß³>üÇjÒƒ¡ã‚o²Ë‚*X#|Ø‡‰ñ‡)ø„8ˆ„ø8Cñgt2‡ WTŠø^à'ŽÈ€ˆˆƒÊb‰—8‰câ‰o·"—ÿ—V´%d™xˆj&€4qz’x…‹„1‹ãn*§rAä(÷µf€¸‰ã×Šv,7r‘Š4u¶o”WŒ´82"pa‡2»ˆ_ˆ:Œÿ¦uÑtÙáuUdsJ§lµ±Xàv8\T¦e`¨bøZÏO•Òá¼Zˆähx£q6aÕè‹ö‡74Ž%¸G‡„uµÝ¤ûxŠâd-µ‰¨7oúX	t¥('P÷Œ?ã‘H·(Ãhxò6uz…‰}¶ŽÆ¨?!yñdŽ&iŽ®ã’Ü•‹åˆ2â8©¨ŠF¸†+¹ˆx±“iØ“¬”"”ñ·Šúñ“FHÿ©’íØ”ññ”h?"•üA•rh•EÂ”XÙZ‰,	{_ia‰T\©$^Y–fq–.2–¸·–lInYpY}sÙu,wéƒr™—_±—åÒ—{˜é!˜zhCi˜Z˜„©˜Œ9Ž™–O²˜‘y“	åg™—9™©”Â™ŸI”K9š×QšXè“¨Iª†¬ÙšÐñšì›²©´)š t›Í‘›QÉ›¿á›¶	œÂ!œEIœÃaœ§‰œÅ™’U©™Û¡›Ì9(Î¹•Ðùl#‘Ú¹ÜÙÞùA(ñàYžæé	‘žv@(êÙžî)ìùžò9ŸÏŸôyŸøÿY
ö™ŸüÙŸëù'þ ªû9 z :P º :
Ú ¡ð Z¡J¡š¡
Š¡Ú¡Ê¡¢ý	¢"Z¢ôI@&º¢ú(,ú¢ùé¢0:£ï‰X4z£éi£8º£aZ<ú£á£@:¤ú9Í@¤HÊ˜¤L
KÚ¤Pª¯s¤QZ¥Ü0¥Vš¥áðbZÚ¥ÛPdTê¥b
	`:¦f
vv¦j
È³¦nÊ¦ö¦rJq:§vŠq§zº§|Ú§~ú§€¨‚:¨„Z¨†z¨ˆš¨	¦
 ¨ŽL°	¨ñÀ¨ŽêŸÚ¨€©º©œ*–ò©™¡OÐ¨j
–¤ZÃÀ©¶P¡j”Pª¦Šª¡ºµš«¤
«Ú«8à«»šÀÚÃj«zª§ú«Ì*¬¾ª¬¡@«¸z¬ÃêÔŠ¬
©º«Ûú«ÐJ	™ «±Ê¯Z¬ØšÇª«Íª®¼j®á
®ÆšÔÐ«žz®ó	ªìêªb0®¹ê
®¯²
°9`¯[°{°›°
»°‚Z¯K¤dð°¥Ê¯›¨óêàÚÀª[±Lz±ÝÚ®ñš¯¥ ËÕš±ê
ª%±Ò²0»®-û±‹²ôz³Îê°3[¢›±)K¯€³ý™;<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Understanding When to Create an External Trust</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>When to create an external trust</maml:title><maml:introduction>
<maml:para>You can create an external trust to form a one-way or two-way, nontransitive trust with domains that are outside your forest. External trusts are sometimes necessary when users need access to resources in a WindowsÂ NTÂ 4.0 domain or in a domain that is located in a separate forest that is not joined by a forest trust, as shown in the following illustration.</maml:para>

<maml:para><maml:embedObject><maml:objectUri href="mshelp://windows/?id=722538bd-6535-4406-8c6c-c1e5170c4063" mimeType="image/gif"><maml:summary>External trusts</maml:summary></maml:objectUri></maml:embedObject></maml:para>

<maml:para>When you establish a trust between a domain in a particular forest and a domain outside that forest, security principals from the external domain can access resources in the internal domain. ActiveÂ Directory Domain Services (ADÂ DS) creates a foreign security principal object in the internal domain to represent each security principal from the trusted external domain. These foreign security principals can become members of domain local groups in the internal domain. Domain local groups can have members from domains outside the forest.</maml:para>

<maml:para>Directory objects for foreign security principals are created by ADÂ DS, and they should not be modified manually. You can view foreign security principal objects in the ActiveÂ Directory Users and Computers snap-in by enabling advanced features. (On the <maml:ui>View</maml:ui> menu, click <maml:ui>Advanced Features.</maml:ui>) </maml:para>

<maml:para>For more information about how to create an external trust, see <maml:navigationLink><maml:linkText>Create an External Trust</maml:linkText><maml:uri href="mshelp://windows/?id=72bf4a7d-660e-489f-b475-bea95e8d126c"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Change the Routing Status of a Name Suffix</maml:title><maml:introduction>
<maml:para>You can use the ActiveÂ Directory Domains and Trusts snap-in to view and modify the routing status of name suffixes.</maml:para>

<maml:para>Name suffix routing is a mechanism that you can use to manage how authentication requests are routed across Windows ServerÂ 2008 or Windows ServerÂ 2008Â R2 forests that are joined by forest trusts. To simplify the administration of authentication requests, when you create a forest trust all unique name suffixes are routed by default. A unique name suffix is a name suffix within a forest, such as a user principal name (UPN) suffix, service principal name (SPN) suffix, or Domain Name System (DNS) forest or domain tree name, that is not subordinate to any other name suffix.</maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins</maml:phrase> or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=83477</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=83477"></maml:uri></maml:navigationLink>.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:procedure><maml:title>To change the routing status of a name suffix</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Active Directory Domains and Trusts. To open ActiveÂ Directory Domains and Trusts, click <maml:ui>Start</maml:ui>, click <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>ActiveÂ Directory Domains and Trusts</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, right-click the domain node for the domain that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Trusts</maml:ui> tab, under either <maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui> or <maml:ui>Domains that trust this domain (incoming trusts)</maml:ui>, click the forest trust that you want to administer, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Name Suffix Routing</maml:ui> tab, under <maml:ui>Name suffixes in the x.x forest</maml:ui>, click the suffix for which you want to modify the routing status, and then click <maml:ui>Edit</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Existing name suffixes in x.x</maml:ui>, click the suffix that you want to modify, and then click <maml:ui>Enable</maml:ui> or <maml:ui>Disable</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>To perform this procedure, you must be a member of the Domain Admins group or Enterprise Admins group in ActiveÂ Directory Domain Services (ADÂ DS), or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using <maml:ui>Run as</maml:ui> to perform this procedure. For more information, search for "using run as" in Help and Support.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>You cannot enable a name suffix that is in conflict. If the conflict is with a local UPN name suffix, you must remove the local UPN name suffix before you can enable the routing name. If the conflict is with a name that is claimed by another trust partner, you must disable the name in the other trust before it can be enabled for this trust.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>To view a log of name suffixes, DNS names, NetBIOS names, and the status that is associated with this trust, click <maml:ui>Save As</maml:ui>. This log can assist you in troubleshooting authentication problems.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Domain Properties - Trusts Tab</maml:title><maml:introduction>
<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Item</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Details</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Domains trusted by this domain (outgoing trusts)</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Domain Name</maml:ui>: Lists all the domains that are trusted by the selected domain. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Trust Type</maml:ui>: Specifies the type of trust between the selected domain and the domain that it trusts. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Transitive</maml:ui>: Specifies whether the trust between the selected domain and the domain it trusts is transitive. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Properties</maml:ui>: Click to view the properties of the selected trusted domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Remove</maml:ui>: Click to remove the selected trusted domain name from the list of trusted domains.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>Domains that trust this domain (incoming trusts)</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Domain Name</maml:ui>: Lists all the domains that trust the selected domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Trust Type</maml:ui>: Specifies the type of trust between the selected domain and the domain that trusts it.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Transitive</maml:ui>: Specifies whether the trust between the selected domain and the domain that trusts it is transitive.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Properties</maml:ui>: Click to view the properties of the domain that trusts the selected domain.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Remove</maml:ui>: Click to remove the domain name from the list of domains that trust the selected domain.</maml:para>
</maml:listItem>
</maml:list>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para><maml:ui>New Trust</maml:ui></maml:para>
</maml:entry>
<maml:entry>
<maml:para>Click to start the New Trust Wizard.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Additional references</maml:title><maml:introduction><maml:list class="unordered"><maml:listItem><maml:para><maml:navigationLink><maml:linkText>User Interface: Active Directory Domains and Trusts</maml:linkText><maml:uri href="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41"></maml:uri></maml:navigationLink></maml:para></maml:listItem></maml:list></maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Forest Trusts</maml:title><maml:introduction>
<maml:para>You can use Active Directory Domains and Trusts to administer forest trusts.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding When to Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=79feb454-7529-4742-9f39-5d6c0696e6c1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=230ae7d6-352d-41d6-880d-f02052f6996c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Create a Forest Trust</maml:linkText><maml:uri href="mshelp://windows/?id=828a249f-9fd5-405f-9cd7-0657de4065a4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Change the Routing Status of a Name Suffix</maml:linkText><maml:uri href="mshelp://windows/?id=e1d983b5-7817-4972-b6fa-28c3f8577e69"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Enable or Disable an Existing Name Suffix from Routing</maml:linkText><maml:uri href="mshelp://windows/?id=aae18246-025a-44ff-84a5-fccabd63038f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Exclude Name Suffixes from Routing to a Local Forest</maml:linkText><maml:uri href="mshelp://windows/?id=80304139-ee6b-43f0-bc4f-6a4196392d4d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Domains and Forests</maml:title><maml:introduction>
<maml:para>You can use Active Directory Domains and Trusts to view and manage domain and forest functional levels and create user principal name (UPN) suffixes.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Understanding Domain and Forest Functionality</maml:linkText><maml:uri href="mshelp://windows/?id=6e36265c-863a-4f03-92b9-ee994e61b34f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Raise the Domain Functional Level</maml:linkText><maml:uri href="mshelp://windows/?id=0b564360-4440-4dfb-bcda-a3f20406de88"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Raise the Forest Functional Level</maml:linkText><maml:uri href="mshelp://windows/?id=991d570b-7d58-42bb-ad11-12045ebe1ec5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add User Principal Name Suffixes</maml:linkText><maml:uri href="mshelp://windows/?id=8c0cd186-a239-454b-9789-cef187236918"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="domadmin" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="Â© 2005 Microsoft Corporation. All rights reserved." Title="Active Directory Domains and Trusts" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
	<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
		<IncludeFile File="domadmin.H1F" />
	</CompilerOptions>
	<TOCDef File="domadmin.H1T" Id="domadmin_TOC" />
	<VTopicDef File="domadmin.H1V" />
	<KeywordIndexDef File="domadmin_AssetId.H1K" />
	<KeywordIndexDef File="domadmin_BestBet.H1K" />
	<KeywordIndexDef File="domadmin_LinkTerm.H1K" />
	<KeywordIndexDef File="domadmin_SubjectTerm.H1K" />
	<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
	<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
	<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
	<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
	<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
	<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
	<File Url="assets\0011ec45-8051-41b2-b8ef-30b9161d3223.xml" />
	<File Url="assets\01e41315-a9b3-4f64-95db-f7147bcf1adf.xml" />
	<File Url="assets\04c5a443-d7b3-4cc1-932f-c720a8e9cb41.xml" />
	<File Url="assets\0b564360-4440-4dfb-bcda-a3f20406de88.xml" />
	<File Url="assets\0c97d612-762b-4bba-a158-036c1497446c.xml" />
	<File Url="assets\14b8a443-1d98-45a6-b3fa-74b80fc44519.xml" />
	<File Url="assets\230ae7d6-352d-41d6-880d-f02052f6996c.xml" />
	<File Url="assets\2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b.xml" />
	<File Url="assets\2e8f3ff1-225c-46e4-9061-e758df8befa4.xml" />
	<File Url="assets\36b61c6d-d4b8-4e1e-bd78-db8204285408.xml" />
	<File Url="assets\471131f7-9aa2-4f3b-ad0b-03caf9a9ea07.xml" />
	<File Url="assets\5378c53f-ef40-4cdd-96a6-911ba6056083.xml" />
	<File Url="assets\574bd0d8-1816-4d1e-bb78-61ffbd84ee34.xml" />
	<File Url="assets\6472046a-30dd-4dc9-92e0-450cebdafc90.xml" />
	<File Url="relatedAssets\46681e5b-fb4c-45bf-a19b-990ded5bc71b.gif" />
	<File Url="assets\6d35ab81-0b60-4425-8c95-46f676d1ea69.xml" />
	<File Url="assets\6e36265c-863a-4f03-92b9-ee994e61b34f.xml" />
	<File Url="assets\7296dc81-0672-4023-9937-c060fd7eef2f.xml" />
	<File Url="assets\72bf4a7d-660e-489f-b475-bea95e8d126c.xml" />
	<File Url="assets\791d01b9-2b81-446f-a4ae-75a5a1241a7e.xml" />
	<File Url="assets\79feb454-7529-4742-9f39-5d6c0696e6c1.xml" />
	<File Url="assets\7a01372b-6eb1-4175-b9ff-8c330a616021.xml" />
	<File Url="assets\80304139-ee6b-43f0-bc4f-6a4196392d4d.xml" />
	<File Url="relatedAssets\1f6970c2-62d3-482d-a78a-451d4333f511.gif" />
	<File Url="assets\80ae74bb-ccdd-4448-91f3-0038de553d9d.xml" />
	<File Url="assets\828a249f-9fd5-405f-9cd7-0657de4065a4.xml" />
	<File Url="assets\845f4f62-9231-44f6-ac76-572da9d09321.xml" />
	<File Url="assets\8c0cd186-a239-454b-9789-cef187236918.xml" />
	<File Url="assets\991d570b-7d58-42bb-ad11-12045ebe1ec5.xml" />
	<File Url="assets\9e88fe6b-2c8c-4c1a-bc78-21e807eecbba.xml" />
	<File Url="relatedAssets\218c5e4d-e17e-4dce-8fa8-d37ff02fe8bb.gif" />
	<File Url="relatedAssets\938e20ba-8457-4f6c-83a0-e428a15c3e70.gif" />
	<File Url="assets\9ef8c5ac-341e-4473-963b-32b67ff58c29.xml" />
	<File Url="assets\a43bb3e4-77b3-4b2e-adbd-d154b346781a.xml" />
	<File Url="assets\aae18246-025a-44ff-84a5-fccabd63038f.xml" />
	<File Url="assets\c88ba049-2635-4cc8-8f00-76cbeefe18b8.xml" />
	<File Url="relatedAssets\722538bd-6535-4406-8c6c-c1e5170c4063.gif" />
	<File Url="assets\d50bbb29-2ae1-4d47-bdb3-dc47efc111cf.xml" />
	<File Url="assets\e1d983b5-7817-4972-b6fa-28c3f8577e69.xml" />
	<File Url="assets\e1ed9885-3d41-4ef4-999a-bfa40d54808e.xml" />
	<File Url="assets\fb14e09d-f63b-4341-a8cf-0cad098888c4.xml" />
	<File Url="assets\ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
	<Vtopic Url="assets\0011ec45-8051-41b2-b8ef-30b9161d3223.xml" RLTitle="Troubleshooting Active Directory Domains and Trusts">
		<Attr Name="assetid" Value="0011ec45-8051-41b2-b8ef-30b9161d3223" />
		<Keyword Index="AssetId" Term="0011ec45-8051-41b2-b8ef-30b9161d3223" />
		<Keyword Index="AssetId" Term="0011ec45-8051-41b2-b8ef-30b9161d32231033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="0011ec45-8051-41b2-b8ef-30b9161d3223" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\01e41315-a9b3-4f64-95db-f7147bcf1adf.xml" RLTitle="Active Directory Domains and Trusts">
		<Attr Name="assetid" Value="01e41315-a9b3-4f64-95db-f7147bcf1adf" />
		<Keyword Index="AssetId" Term="01e41315-a9b3-4f64-95db-f7147bcf1adf" />
		<Keyword Index="AssetId" Term="01e41315-a9b3-4f64-95db-f7147bcf1adf1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="01e41315-a9b3-4f64-95db-f7147bcf1adf" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\04c5a443-d7b3-4cc1-932f-c720a8e9cb41.xml" RLTitle="User Interface: Active Directory Domains and Trusts">
		<Attr Name="assetid" Value="04c5a443-d7b3-4cc1-932f-c720a8e9cb41" />
		<Keyword Index="AssetId" Term="04c5a443-d7b3-4cc1-932f-c720a8e9cb41" />
		<Keyword Index="AssetId" Term="04c5a443-d7b3-4cc1-932f-c720a8e9cb411033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="04c5a443-d7b3-4cc1-932f-c720a8e9cb41" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\0b564360-4440-4dfb-bcda-a3f20406de88.xml" RLTitle="Raise the Domain Functional Level">
		<Attr Name="assetid" Value="0b564360-4440-4dfb-bcda-a3f20406de88" />
		<Keyword Index="AssetId" Term="0b564360-4440-4dfb-bcda-a3f20406de88" />
		<Keyword Index="AssetId" Term="0b564360-4440-4dfb-bcda-a3f20406de881033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="0b564360-4440-4dfb-bcda-a3f20406de88" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\0c97d612-762b-4bba-a158-036c1497446c.xml" RLTitle="Raise Forest Functional Level Dialog Box">
		<Attr Name="assetid" Value="0c97d612-762b-4bba-a158-036c1497446c" />
		<Keyword Index="AssetId" Term="0c97d612-762b-4bba-a158-036c1497446c" />
		<Keyword Index="AssetId" Term="0c97d612-762b-4bba-a158-036c1497446c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="0c97d612-762b-4bba-a158-036c1497446c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\14b8a443-1d98-45a6-b3fa-74b80fc44519.xml" RLTitle="Active Directory Domains and Trusts - UPN Suffixes Tab">
		<Attr Name="assetid" Value="14b8a443-1d98-45a6-b3fa-74b80fc44519" />
		<Keyword Index="AssetId" Term="14b8a443-1d98-45a6-b3fa-74b80fc44519" />
		<Keyword Index="AssetId" Term="14b8a443-1d98-45a6-b3fa-74b80fc445191033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="14b8a443-1d98-45a6-b3fa-74b80fc44519" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\230ae7d6-352d-41d6-880d-f02052f6996c.xml" RLTitle="Checklist: Create a Forest Trust">
		<Attr Name="assetid" Value="230ae7d6-352d-41d6-880d-f02052f6996c" />
		<Keyword Index="AssetId" Term="230ae7d6-352d-41d6-880d-f02052f6996c" />
		<Keyword Index="AssetId" Term="230ae7d6-352d-41d6-880d-f02052f6996c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="230ae7d6-352d-41d6-880d-f02052f6996c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b.xml" RLTitle="Create a Shortcut Trust">
		<Attr Name="assetid" Value="2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b" />
		<Keyword Index="AssetId" Term="2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b" />
		<Keyword Index="AssetId" Term="2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2e8f3ff1-225c-46e4-9061-e758df8befa4.xml" RLTitle="SID Filtering Dialog Box - Securing External Trusts">
		<Attr Name="assetid" Value="2e8f3ff1-225c-46e4-9061-e758df8befa4" />
		<Keyword Index="AssetId" Term="2e8f3ff1-225c-46e4-9061-e758df8befa4" />
		<Keyword Index="AssetId" Term="2e8f3ff1-225c-46e4-9061-e758df8befa41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2e8f3ff1-225c-46e4-9061-e758df8befa4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\36b61c6d-d4b8-4e1e-bd78-db8204285408.xml" RLTitle="Remove a Trust">
		<Attr Name="assetid" Value="36b61c6d-d4b8-4e1e-bd78-db8204285408" />
		<Keyword Index="AssetId" Term="36b61c6d-d4b8-4e1e-bd78-db8204285408" />
		<Keyword Index="AssetId" Term="36b61c6d-d4b8-4e1e-bd78-db82042854081033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="36b61c6d-d4b8-4e1e-bd78-db8204285408" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\471131f7-9aa2-4f3b-ad0b-03caf9a9ea07.xml" RLTitle="Trust Properties - Name Suffix Routing Tab">
		<Attr Name="assetid" Value="471131f7-9aa2-4f3b-ad0b-03caf9a9ea07" />
		<Keyword Index="AssetId" Term="471131f7-9aa2-4f3b-ad0b-03caf9a9ea07" />
		<Keyword Index="AssetId" Term="471131f7-9aa2-4f3b-ad0b-03caf9a9ea071033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="471131f7-9aa2-4f3b-ad0b-03caf9a9ea07" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5378c53f-ef40-4cdd-96a6-911ba6056083.xml" RLTitle="Trusts Properties - General Tab">
		<Attr Name="assetid" Value="5378c53f-ef40-4cdd-96a6-911ba6056083" />
		<Keyword Index="AssetId" Term="5378c53f-ef40-4cdd-96a6-911ba6056083" />
		<Keyword Index="AssetId" Term="5378c53f-ef40-4cdd-96a6-911ba60560831033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5378c53f-ef40-4cdd-96a6-911ba6056083" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\574bd0d8-1816-4d1e-bb78-61ffbd84ee34.xml" RLTitle="Verify a Trust">
		<Attr Name="assetid" Value="574bd0d8-1816-4d1e-bb78-61ffbd84ee34" />
		<Keyword Index="AssetId" Term="574bd0d8-1816-4d1e-bb78-61ffbd84ee34" />
		<Keyword Index="AssetId" Term="574bd0d8-1816-4d1e-bb78-61ffbd84ee341033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="574bd0d8-1816-4d1e-bb78-61ffbd84ee34" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6472046a-30dd-4dc9-92e0-450cebdafc90.xml" RLTitle="Understanding Trust Types">
		<Attr Name="assetid" Value="6472046a-30dd-4dc9-92e0-450cebdafc90" />
		<Keyword Index="AssetId" Term="6472046a-30dd-4dc9-92e0-450cebdafc90" />
		<Keyword Index="AssetId" Term="6472046a-30dd-4dc9-92e0-450cebdafc901033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6472046a-30dd-4dc9-92e0-450cebdafc90" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\46681e5b-fb4c-45bf-a19b-990ded5bc71b.gif">
		<Keyword Index="AssetId" Term="46681e5b-fb4c-45bf-a19b-990ded5bc71b" />
	</Vtopic>
	<Vtopic Url="assets\6d35ab81-0b60-4425-8c95-46f676d1ea69.xml" RLTitle="Understanding When to Create a Shortcut Trust">
		<Attr Name="assetid" Value="6d35ab81-0b60-4425-8c95-46f676d1ea69" />
		<Keyword Index="AssetId" Term="6d35ab81-0b60-4425-8c95-46f676d1ea69" />
		<Keyword Index="AssetId" Term="6d35ab81-0b60-4425-8c95-46f676d1ea691033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6d35ab81-0b60-4425-8c95-46f676d1ea69" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6e36265c-863a-4f03-92b9-ee994e61b34f.xml" RLTitle="Understanding Domain and Forest Functionality">
		<Attr Name="assetid" Value="6e36265c-863a-4f03-92b9-ee994e61b34f" />
		<Keyword Index="AssetId" Term="6e36265c-863a-4f03-92b9-ee994e61b34f" />
		<Keyword Index="AssetId" Term="6e36265c-863a-4f03-92b9-ee994e61b34f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6e36265c-863a-4f03-92b9-ee994e61b34f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\7296dc81-0672-4023-9937-c060fd7eef2f.xml" RLTitle="Managing Trusts">
		<Attr Name="assetid" Value="7296dc81-0672-4023-9937-c060fd7eef2f" />
		<Keyword Index="AssetId" Term="7296dc81-0672-4023-9937-c060fd7eef2f" />
		<Keyword Index="AssetId" Term="7296dc81-0672-4023-9937-c060fd7eef2f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="7296dc81-0672-4023-9937-c060fd7eef2f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\72bf4a7d-660e-489f-b475-bea95e8d126c.xml" RLTitle="Create an External Trust">
		<Attr Name="assetid" Value="72bf4a7d-660e-489f-b475-bea95e8d126c" />
		<Keyword Index="AssetId" Term="72bf4a7d-660e-489f-b475-bea95e8d126c" />
		<Keyword Index="AssetId" Term="72bf4a7d-660e-489f-b475-bea95e8d126c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="72bf4a7d-660e-489f-b475-bea95e8d126c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\791d01b9-2b81-446f-a4ae-75a5a1241a7e.xml" RLTitle="Resources for Active Directory Domains and Trusts">
		<Attr Name="assetid" Value="791d01b9-2b81-446f-a4ae-75a5a1241a7e" />
		<Keyword Index="AssetId" Term="791d01b9-2b81-446f-a4ae-75a5a1241a7e" />
		<Keyword Index="AssetId" Term="791d01b9-2b81-446f-a4ae-75a5a1241a7e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="791d01b9-2b81-446f-a4ae-75a5a1241a7e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\79feb454-7529-4742-9f39-5d6c0696e6c1.xml" RLTitle="Understanding When to Create a Forest Trust">
		<Attr Name="assetid" Value="79feb454-7529-4742-9f39-5d6c0696e6c1" />
		<Keyword Index="AssetId" Term="79feb454-7529-4742-9f39-5d6c0696e6c1" />
		<Keyword Index="AssetId" Term="79feb454-7529-4742-9f39-5d6c0696e6c11033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="79feb454-7529-4742-9f39-5d6c0696e6c1" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\7a01372b-6eb1-4175-b9ff-8c330a616021.xml" RLTitle="Select the Scope of Authentication for Users">
		<Attr Name="assetid" Value="7a01372b-6eb1-4175-b9ff-8c330a616021" />
		<Keyword Index="AssetId" Term="7a01372b-6eb1-4175-b9ff-8c330a616021" />
		<Keyword Index="AssetId" Term="7a01372b-6eb1-4175-b9ff-8c330a6160211033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="7a01372b-6eb1-4175-b9ff-8c330a616021" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\80304139-ee6b-43f0-bc4f-6a4196392d4d.xml" RLTitle="Exclude Name Suffixes from Routing to a Local Forest">
		<Attr Name="assetid" Value="80304139-ee6b-43f0-bc4f-6a4196392d4d" />
		<Keyword Index="AssetId" Term="80304139-ee6b-43f0-bc4f-6a4196392d4d" />
		<Keyword Index="AssetId" Term="80304139-ee6b-43f0-bc4f-6a4196392d4d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="80304139-ee6b-43f0-bc4f-6a4196392d4d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\1f6970c2-62d3-482d-a78a-451d4333f511.gif">
		<Keyword Index="AssetId" Term="1f6970c2-62d3-482d-a78a-451d4333f511" />
	</Vtopic>
	<Vtopic Url="assets\80ae74bb-ccdd-4448-91f3-0038de553d9d.xml" RLTitle="Understanding Trust Transitivity">
		<Attr Name="assetid" Value="80ae74bb-ccdd-4448-91f3-0038de553d9d" />
		<Keyword Index="AssetId" Term="80ae74bb-ccdd-4448-91f3-0038de553d9d" />
		<Keyword Index="AssetId" Term="80ae74bb-ccdd-4448-91f3-0038de553d9d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="80ae74bb-ccdd-4448-91f3-0038de553d9d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\828a249f-9fd5-405f-9cd7-0657de4065a4.xml" RLTitle="Create a Forest Trust">
		<Attr Name="assetid" Value="828a249f-9fd5-405f-9cd7-0657de4065a4" />
		<Keyword Index="AssetId" Term="828a249f-9fd5-405f-9cd7-0657de4065a4" />
		<Keyword Index="AssetId" Term="828a249f-9fd5-405f-9cd7-0657de4065a41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="828a249f-9fd5-405f-9cd7-0657de4065a4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\845f4f62-9231-44f6-ac76-572da9d09321.xml" RLTitle="Create a Realm Trust">
		<Attr Name="assetid" Value="845f4f62-9231-44f6-ac76-572da9d09321" />
		<Keyword Index="AssetId" Term="845f4f62-9231-44f6-ac76-572da9d09321" />
		<Keyword Index="AssetId" Term="845f4f62-9231-44f6-ac76-572da9d093211033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="845f4f62-9231-44f6-ac76-572da9d09321" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8c0cd186-a239-454b-9789-cef187236918.xml" RLTitle="Add User Principal Name Suffixes">
		<Attr Name="assetid" Value="8c0cd186-a239-454b-9789-cef187236918" />
		<Keyword Index="AssetId" Term="8c0cd186-a239-454b-9789-cef187236918" />
		<Keyword Index="AssetId" Term="8c0cd186-a239-454b-9789-cef1872369181033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8c0cd186-a239-454b-9789-cef187236918" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\991d570b-7d58-42bb-ad11-12045ebe1ec5.xml" RLTitle="Raise the Forest Functional Level">
		<Attr Name="assetid" Value="991d570b-7d58-42bb-ad11-12045ebe1ec5" />
		<Keyword Index="AssetId" Term="991d570b-7d58-42bb-ad11-12045ebe1ec5" />
		<Keyword Index="AssetId" Term="991d570b-7d58-42bb-ad11-12045ebe1ec51033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="991d570b-7d58-42bb-ad11-12045ebe1ec5" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\9e88fe6b-2c8c-4c1a-bc78-21e807eecbba.xml" RLTitle="Understanding When to Create a Realm Trust">
		<Attr Name="assetid" Value="9e88fe6b-2c8c-4c1a-bc78-21e807eecbba" />
		<Keyword Index="AssetId" Term="9e88fe6b-2c8c-4c1a-bc78-21e807eecbba" />
		<Keyword Index="AssetId" Term="9e88fe6b-2c8c-4c1a-bc78-21e807eecbba1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9e88fe6b-2c8c-4c1a-bc78-21e807eecbba" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\218c5e4d-e17e-4dce-8fa8-d37ff02fe8bb.gif">
		<Keyword Index="AssetId" Term="218c5e4d-e17e-4dce-8fa8-d37ff02fe8bb" />
	</Vtopic>
	<Vtopic Url="relatedAssets\938e20ba-8457-4f6c-83a0-e428a15c3e70.gif">
		<Keyword Index="AssetId" Term="938e20ba-8457-4f6c-83a0-e428a15c3e70" />
	</Vtopic>
	<Vtopic Url="assets\9ef8c5ac-341e-4473-963b-32b67ff58c29.xml" RLTitle="Understanding Trusts">
		<Attr Name="assetid" Value="9ef8c5ac-341e-4473-963b-32b67ff58c29" />
		<Keyword Index="AssetId" Term="9ef8c5ac-341e-4473-963b-32b67ff58c29" />
		<Keyword Index="AssetId" Term="9ef8c5ac-341e-4473-963b-32b67ff58c291033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="9ef8c5ac-341e-4473-963b-32b67ff58c29" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a43bb3e4-77b3-4b2e-adbd-d154b346781a.xml" RLTitle="Understanding Trust Direction">
		<Attr Name="assetid" Value="a43bb3e4-77b3-4b2e-adbd-d154b346781a" />
		<Keyword Index="AssetId" Term="a43bb3e4-77b3-4b2e-adbd-d154b346781a" />
		<Keyword Index="AssetId" Term="a43bb3e4-77b3-4b2e-adbd-d154b346781a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a43bb3e4-77b3-4b2e-adbd-d154b346781a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\aae18246-025a-44ff-84a5-fccabd63038f.xml" RLTitle="Enable or Disable an Existing Name Suffix from Routing">
		<Attr Name="assetid" Value="aae18246-025a-44ff-84a5-fccabd63038f" />
		<Keyword Index="AssetId" Term="aae18246-025a-44ff-84a5-fccabd63038f" />
		<Keyword Index="AssetId" Term="aae18246-025a-44ff-84a5-fccabd63038f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="aae18246-025a-44ff-84a5-fccabd63038f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c88ba049-2635-4cc8-8f00-76cbeefe18b8.xml" RLTitle="Change Forest Dialog Box">
		<Attr Name="assetid" Value="c88ba049-2635-4cc8-8f00-76cbeefe18b8" />
		<Keyword Index="AssetId" Term="c88ba049-2635-4cc8-8f00-76cbeefe18b8" />
		<Keyword Index="AssetId" Term="c88ba049-2635-4cc8-8f00-76cbeefe18b81033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c88ba049-2635-4cc8-8f00-76cbeefe18b8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="relatedAssets\722538bd-6535-4406-8c6c-c1e5170c4063.gif">
		<Keyword Index="AssetId" Term="722538bd-6535-4406-8c6c-c1e5170c4063" />
	</Vtopic>
	<Vtopic Url="assets\d50bbb29-2ae1-4d47-bdb3-dc47efc111cf.xml" RLTitle="Understanding When to Create an External Trust">
		<Attr Name="assetid" Value="d50bbb29-2ae1-4d47-bdb3-dc47efc111cf" />
		<Keyword Index="AssetId" Term="d50bbb29-2ae1-4d47-bdb3-dc47efc111cf" />
		<Keyword Index="AssetId" Term="d50bbb29-2ae1-4d47-bdb3-dc47efc111cf1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="d50bbb29-2ae1-4d47-bdb3-dc47efc111cf" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e1d983b5-7817-4972-b6fa-28c3f8577e69.xml" RLTitle="Change the Routing Status of a Name Suffix">
		<Attr Name="assetid" Value="e1d983b5-7817-4972-b6fa-28c3f8577e69" />
		<Keyword Index="AssetId" Term="e1d983b5-7817-4972-b6fa-28c3f8577e69" />
		<Keyword Index="AssetId" Term="e1d983b5-7817-4972-b6fa-28c3f8577e691033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e1d983b5-7817-4972-b6fa-28c3f8577e69" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e1ed9885-3d41-4ef4-999a-bfa40d54808e.xml" RLTitle="Domain Properties - Trusts Tab">
		<Attr Name="assetid" Value="e1ed9885-3d41-4ef4-999a-bfa40d54808e" />
		<Keyword Index="AssetId" Term="e1ed9885-3d41-4ef4-999a-bfa40d54808e" />
		<Keyword Index="AssetId" Term="e1ed9885-3d41-4ef4-999a-bfa40d54808e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e1ed9885-3d41-4ef4-999a-bfa40d54808e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\fb14e09d-f63b-4341-a8cf-0cad098888c4.xml" RLTitle="Managing Forest Trusts">
		<Attr Name="assetid" Value="fb14e09d-f63b-4341-a8cf-0cad098888c4" />
		<Keyword Index="AssetId" Term="fb14e09d-f63b-4341-a8cf-0cad098888c4" />
		<Keyword Index="AssetId" Term="fb14e09d-f63b-4341-a8cf-0cad098888c41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="fb14e09d-f63b-4341-a8cf-0cad098888c4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1.xml" RLTitle="Managing Domains and Forests">
		<Attr Name="assetid" Value="ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1" />
		<Keyword Index="AssetId" Term="ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1" />
		<Keyword Index="AssetId" Term="ffa72b21-7092-4b25-ba49-a6f2a3a7c6f11033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="contentArea" Value="GettingStarted" />
		<Attr Name="subject_productTechnology" Value="IdentityAndDirectoryServices_AD" />
		<Attr Name="updatedDate" Value="2008/12/30" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="Windows 7 BOM 1787" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="domadmin_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
	<HelpTOCNode Url="mshelp://windows/?tocid=3ce6ed20-7607-4566-923d-a5328a21618d" Title="">
		<HelpTOCNode Url="mshelp://windows/?id=01e41315-a9b3-4f64-95db-f7147bcf1adf" Title="Active Directory Domains and Trusts">
			<HelpTOCNode Url="mshelp://windows/?id=ffa72b21-7092-4b25-ba49-a6f2a3a7c6f1" Title="Managing Domains and Forests">
				<HelpTOCNode Url="mshelp://windows/?id=6e36265c-863a-4f03-92b9-ee994e61b34f" Title="Understanding Domain and Forest Functionality" />
				<HelpTOCNode Url="mshelp://windows/?id=0b564360-4440-4dfb-bcda-a3f20406de88" Title="Raise the Domain Functional Level" />
				<HelpTOCNode Url="mshelp://windows/?id=991d570b-7d58-42bb-ad11-12045ebe1ec5" Title="Raise the Forest Functional Level" />
				<HelpTOCNode Url="mshelp://windows/?id=8c0cd186-a239-454b-9789-cef187236918" Title="Add User Principal Name Suffixes" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=7296dc81-0672-4023-9937-c060fd7eef2f" Title="Managing Trusts">
				<HelpTOCNode Url="mshelp://windows/?id=9ef8c5ac-341e-4473-963b-32b67ff58c29" Title="Understanding Trusts" />
				<HelpTOCNode Url="mshelp://windows/?id=6472046a-30dd-4dc9-92e0-450cebdafc90" Title="Understanding Trust Types" />
				<HelpTOCNode Url="mshelp://windows/?id=a43bb3e4-77b3-4b2e-adbd-d154b346781a" Title="Understanding Trust Direction" />
				<HelpTOCNode Url="mshelp://windows/?id=80ae74bb-ccdd-4448-91f3-0038de553d9d" Title="Understanding Trust Transitivity" />
				<HelpTOCNode Url="mshelp://windows/?id=d50bbb29-2ae1-4d47-bdb3-dc47efc111cf" Title="Understanding When to Create an External Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=6d35ab81-0b60-4425-8c95-46f676d1ea69" Title="Understanding When to Create a Shortcut Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=9e88fe6b-2c8c-4c1a-bc78-21e807eecbba" Title="Understanding When to Create a Realm Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=2d2b8e71-f8c6-4fa0-a622-b4039ab5ae4b" Title="Create a Shortcut Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=72bf4a7d-660e-489f-b475-bea95e8d126c" Title="Create an External Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=845f4f62-9231-44f6-ac76-572da9d09321" Title="Create a Realm Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=574bd0d8-1816-4d1e-bb78-61ffbd84ee34" Title="Verify a Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=36b61c6d-d4b8-4e1e-bd78-db8204285408" Title="Remove a Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=7a01372b-6eb1-4175-b9ff-8c330a616021" Title="Select the Scope of Authentication for Users" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=fb14e09d-f63b-4341-a8cf-0cad098888c4" Title="Managing Forest Trusts">
				<HelpTOCNode Url="mshelp://windows/?id=79feb454-7529-4742-9f39-5d6c0696e6c1" Title="Understanding When to Create a Forest Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=230ae7d6-352d-41d6-880d-f02052f6996c" Title="Checklist: Create a Forest Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=828a249f-9fd5-405f-9cd7-0657de4065a4" Title="Create a Forest Trust" />
				<HelpTOCNode Url="mshelp://windows/?id=e1d983b5-7817-4972-b6fa-28c3f8577e69" Title="Change the Routing Status of a Name Suffix" />
				<HelpTOCNode Url="mshelp://windows/?id=aae18246-025a-44ff-84a5-fccabd63038f" Title="Enable or Disable an Existing Name Suffix from Routing" />
				<HelpTOCNode Url="mshelp://windows/?id=80304139-ee6b-43f0-bc4f-6a4196392d4d" Title="Exclude Name Suffixes from Routing to a Local Forest" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=0011ec45-8051-41b2-b8ef-30b9161d3223" Title="Troubleshooting Active Directory Domains and Trusts" />
			<HelpTOCNode Url="mshelp://windows/?id=791d01b9-2b81-446f-a4ae-75a5a1241a7e" Title="Resources for Active Directory Domains and Trusts" />
			<HelpTOCNode Url="mshelp://windows/?id=04c5a443-d7b3-4cc1-932f-c720a8e9cb41" Title="User Interface: Active Directory Domains and Trusts">
				<HelpTOCNode Url="mshelp://windows/?id=0c97d612-762b-4bba-a158-036c1497446c" Title="Raise Forest Functional Level Dialog Box" />
				<HelpTOCNode Url="mshelp://windows/?id=c88ba049-2635-4cc8-8f00-76cbeefe18b8" Title="Change Forest Dialog Box" />
				<HelpTOCNode Url="mshelp://windows/?id=14b8a443-1d98-45a6-b3fa-74b80fc44519" Title="Active Directory Domains and Trusts - UPN Suffixes Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=e1ed9885-3d41-4ef4-999a-bfa40d54808e" Title="Domain Properties - Trusts Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=5378c53f-ef40-4cdd-96a6-911ba6056083" Title="Trusts Properties - General Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=471131f7-9aa2-4f3b-ad0b-03caf9a9ea07" Title="Trust Properties - Name Suffix Routing Tab" />
				<HelpTOCNode Url="mshelp://windows/?id=2e8f3ff1-225c-46e4-9061-e758df8befa4" Title="SID Filtering Dialog Box - Securing External Trusts" />
			</HelpTOCNode>
		</HelpTOCNode>
	</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> U£yT`FE¿OíÛföÚJR”ìU]°©Ht‘ŠjR¥(£‰®„(Š®HA‚íŠ
”I*—Dª{ßb$XFvW€çÏœþ—óyïûò>çö÷¼Béb‚²…Ñè–›A+ *a²¡ t)€\†JÒ¤Ì¨lÓ@”‰º@"ŠtìÑù‹€`! ª¢Väg¼»žå jH&QqÊYSÿîšGÏyÞÞ½y÷§»bWc‡˜¶Ð=EÌ8É½µ0óÝoàîÀÿó?ÏÞâ¿^µ}7×IyßwqíÁ×Ú¾šæñ¶÷äŽzaÜqúôŽëô?Úù’{Åéí®‘þ0óû|Å}Þ¹nû6ÒkÛ®'×mßítÃºµ}»òÊuÛ7äPz›;å®í·•«\µ}öÚÏëÛ÷^¹nû^—kvïËõÛ7·^^·¾éÚy[{òk½8nÛ˜‡rìÛß¿—~÷òÓ.\‹û
ž_½xâ¼Hïëáï—~·‡?C¯nßŽ÷¹û†ÑwÃaÉãwñp°úóæÑ~ZeµQ·qß¦wp¼Ï¸õÞ=§ë#ìîåægsa^ÌwáÁÜ7ë]u{›è®í·Õ‹^Ú¾8á½-6zkûm¤4×mßmvù¼Þ=ÿðß‚+ÿÞØß[eø(û¯óö(×¼]mõUÿuÞç=üIñ[¡Žê¼Î›¼{èÎõ¼Ý¯ø«”çMtMçpÞÎ»ýªû„ÿ~ÛæNÏtýöÔÐO/\¯÷ºÊó¾÷Ø3ýïñÛòñ¥žs-þŽøü¥MÿYïüýÍå…çò…{Íþ<Ý'¾³xmü||v¢·Žøñ»Üå}§]o£?9íDÞþÄû®ûµ˜GÿçÂ	o‡ˆÙþõw®ø?àß7gÀEûaÜšþaÞt~ízö¨ý”qó/Ê[¾›¾svàà¼wÉµøx×öqŸ»ð›\¼ýäÚùúÖ>{k[n”rSÞ3çrm=®k;øÏvô+×Ïã¹vïgât@OÊãñµ}Ñkñ–;ã»\ôÚ5.×ã/¶½ëÌµÝ8\›ÇµÅ¸ÌmÛÁ;’\ywŸ_{6Ò½ÉÍºéæø¡¾Ž¯êYøš\äkïüÑœÜOóÑõÂßÝòI°Çzí›WÙ“§4þ¥ìeIÜžé¯té´Âþ~ÝGïôs:i¦OOróu)È|ÍŽë½‘
âosu,Žúm×€÷Õî¿¨/÷ëØQ-õŸõØ-ÙSì§Í±{öÇ&ý7kN=ùï8ó×{øãë`›íçcÕy©nùW=Eõ¸Õ“uîßÜV}÷WßëÜ¾{æ±÷”?íÆ‡]ççÚmžñ.©þ;é÷Ëcl¥Öz
ÏÒ±=ögoß’;Æšë–ùMÇ¤ýú5Ç†ØNíõ]ŸöØÝÙ_öŸŽì±=þRž3¯}ìu³Úb_êØ[gÿì³v{±ÇölŽÝ±§{ìê=0þîÂ¯uìÝ_¯lÇ~{²ÇáìEÿ¸wúoÏ±	ìÂ-tož2‡®Ÿ¯ulÝ¯Il£Ž{DÇáÙ=vcËöÙæzXÇöØžÇ78×E;óçœúÜ×=vcÓ¼Úî×Ä¿×žØ¹}·s³÷â6zfçèÝõÿùŽß/ÒÃ2?üìÒIþu=äË+¥}ë[3ºéNßýÖ[·úéPßúÖ·ŽµÔn¿úÖ·ž5Õ«¾û·~îßõomë«ã~û·–5Ö³¾û·žšîºßüì×¶{Õ¾îµþúk‡5ÞÝöy¯íÜ½Û_kÚo÷áÎÖ»;÷ï–î½]w|ßîÜ¾û¹û·Þæz×çûîçöÝ€ý÷Ïð»žwwàb?Á7ñkI\u×áþŸ†¯ëÝžÛw/7áf<ÂïxîÞÝ¹¿·ã{çøÝÍmªî>üç½ªs‡U
[ì¯œ~Us#j—Ä¯æë—:kÅ5áÇ.ôþ/~›g]jm“›ñ©>|©¾n©q]vÀ³+çk«zÚñgýøR~ý©¹†|}¾|©¾Ž©–|‡¾|©¾ž©‹¦|¾|©¾®©—¶|Ÿ¾v©}}RO}ù.|Ú¥õ5K5æ¶ûó¥ý:Rëùs}ùR½©v|©¾æ©Ãî|Ç¾v©}R—íù#|©¿þÔ–ƒ¾§ŒíRþzRwú¯}íRþšR“-úÇ}úR}=RÓMúÛ}íRûº¥ÎµÛ½÷·Kòp·óŽ¸>ä}”î0Î{¾MžåºG	rëÞ%ÈOßú¶Ž#õm»¾»¼ÛªW5ÈÏ{ïëCß6>Zw¸õ±jþÿžû«|‡åüyßïó~¿Ã>öm<;{÷Ä²ÿXóÙq<Ÿü¼˜}ð˜íƒ…šÿµqxÃöÇíˆ<pûHâ‘Ý‡»xô>ð}‡áÙ‹ÜéãIÞ6x4ˆá˜gËïŸûwÿËùÿË~“t•ZY~¶ÐG:™þAœ“N)ÖîÐÕ ·ü/^«}ùïšÆ”¿ÝÝßw’wŽã?ü…òƒà½?—rÛ»™ÿü¾I½äËÃ§”Õ)¥³¾:§tç¸{Jt–X§”Î9ëžÒçî)Ò™ëž)ÙîžÒïï)Òóž)³Ö=¥:ëSJçÞ{§tg¾{Jtî\§”Îì÷OéÎø”éO”Î,øNé»ð)Òy{S:3á>¥:¯SJçvOéÎ†ø”é|ÃN)³Ø>¥:#âS¥s+>S:ç±|Jt^d§”ÎÌøOéÎì”Ò¹›S:³ã>¥:?äS¥3G>S:³ä>¥:OåS¥3W>S:³å;¥t>Ë§JçŒvOéÎ˜ù”éœšO”Î¼ùNéÓó)Ò™;Ÿ)³Ú>¥:{çS¥óƒ>S:çµ}Jtl§”Î,úOéÎ£ú”éLÛN)³Û;¥t~p§”Î9îÒ:ËéS¥s›>S:ç¹wJéLëN)ùôŸÒQõ)Ò9ÛS:ç»wJéŒªO”Î¼úNéóÞ)¥³³>S:së>¥:»½SJç~}§tÎ|ï”Ò¹ûS:ç¿xJé°O”ÎûOéÎ²ð”Ò9žS:çÁ}Jtž„§”ÎLûOéö)Ò¹žS:çÃ}Jt¶Û§JçŒxOéÎ¸ñ”Ò9sŸ)³â>¥:ëîS¥óó>S:sï>¥:û†S”ÎyñžÒ:3ÆSJçìxLé¥s%<)Lé¥³~<ätÉŸÞÞrÅ[ñâ¼x/^‹âÅxñ^¼/Å‹ñâ¼x/^‹âÅxñ^¼/Å‹ñâ¼x/^‹âÅxñ^¼/Å‹ñâ¼x/^‹âÅxñ^¼/Å‹ñâ¼x/^‹âÅxñ^¼/Å‹ñâ¼x/^‹âÅxñ^¼/Å‹ñâ¼x/^‹âÅxñ^¼/òÿåR?÷
šå£¡ºI>
öá;„£|44||44–|?†>“GCáÉÂ£>
Q)†C•çGÑð¸òùh4d~
Ã ËG£aÐåúÑ4¾|?†C˜GCaÌæ£ÑPÆ>>
g	
C¢èGÑ°4ú|4ÒG?†!Òô£h˜*ý?†KÓ£!Øôýh:O?†ÃšÍG£¡õýhFR?†áÔæ£Ñð¤ú|4âs>
†:Õ£apçúÑ4´¯~
C¬ëGÑ0Èóùh4ìµ~
ÃëGÑìú~4
½¯GÃìóÑhè†ý>
±GCpìôÑh’ý?†e GÃ¡Ðè£Ñp4û}4g?†!Úè£Ñ°Lû~4
ÕµGÃíôÑhh<ú}4"“>
†J¥GÃ!Óé£Ñ°èôýh¶Ÿ>
†P¨GÃ¡Ôö£hèœú}4R«>çÐBKÿðÖºS¾~ùÏÃ8"À€0`€`À0À€0`€`À0À€0`€`À0À€0`€`À0À€0`€`À0À€0`€`À0À€0`€`À0À€0`€~ÀáþûU~D”DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDGDàånB~Æïy5G=ý’÷Såíœ^ã{K¿þqý£=úœºþ´£ü˜ÔAêÞÿ¦ÿ˜ÿOÜoª—ù'#¿)ùà+ÿMÝ3Óßò„¿ªM¸4ÿeäšS2òˆsÎ)yÄ+çŒ\â,v
FŽqx?ÿ'ßÑi*üÌ¬÷ï–eöçAž±FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄ1FŒ#Äˆ1bŒ#FˆbÄÿ1Eî„Ô„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„„ö¼S`øäY†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!dÈ2†!CÈ2dC†!oÈýÿîÿç-±Ó7_?•®føƒŽª«ñòBÿ§Hüpý¸p§\¸.…áÂ¸p.\Â…pá\¸.…áÂ¸p.\¸7o\¸p.\Â…pá\¸.…áÂ¸p.\Â…pá\¸.q¸p.\8‹\¸.…áÂ¸p.\Â…Çá|»‡®³¸ë.\['àë[ò…káÂ¸p.\Ñúw5Ù.ÜvË®á®¸p.\Â…pá\¸.…áÂ¸p.\Â…pá\¸.…ÝÆw¼ÜrGJ›>ìf˜ûƒîº§>Pw¤ÝaxÇT¬>‘w‡ÞÖ;\ÍÞÝÆwðßÑ‡}v\²OxÛàƒ‡f <MûÜŸÂ‡¾íxÔáaÛÇ· À}#ñGîŠ>t}ìûà÷Ñ†Ã¸ÙÆÛp<HÄßLýÇéÿ¸Spó\¸áf›qâ‰š†¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦§iî´~:ëhÚj¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶Ú«Új¶m«\ÛŠcŠÏiš¦¦iÓžk¸¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦íiŽ;äß¶«Új¶j«¶Ú«Új¶j«¶Ú«Új¶j«¶ÚµÝrÃµÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[¶Õ®í~>Ÿ4MÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓö4óŸÍÆmnÿû7qsý;ß¸ÍíáÂ;q¹ý\¸.ŒYÜŸe|ÖÄµÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVmµV[µÕ[mÕVí¶1®gÅ
ÅÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ4=MóûÈ‹¼4MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ¶4MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ4OÛ´ÈMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MMÓÓ44MnÛ	ãš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišš¦¦iišž¦òý,‹¼4MMÓÛ6ï¸ºágÎøÝÃø×yç½z¶ÁË15upÿç™í7aeÙÛ´¬µT*pŠ Z+Û$`£¤¡mlÁXÝB´&N$ŠE¶‘Ô%X$ÉÞ;ÈÛÞ“îýšD(+2¨î!ïþßþ½÷ï{‡·ßÀÿ7ü%|@"J4®cÕýÞ:½%³äs‰Ž	ÊÌ\¢,-rTæœÉ®F%K”U¦‘y¡¤¼©I±åaªâŠUk"xô’£Ã[yy6ÊE2Š8s5!Qçä8
“»w—L%À2‘êdàjH
Žªèû0ósÐŠV{÷Š¼Ó–‘ÆzDEªò-;³¹"sÉHa]ýøïÓC¨àû-ö[±§ï&9ƒ
Tý¯’ÕÜÔ“S=ª3ôŸOÁˆƒÿžÖå²Í‘Xcyð¾‚¸dù†Ìá¸W _•‰~
_Ç›º§opiÙËR;xÿ“ŽÕ
»ÿ»õbåýö
T°?~¤$‰m|tjÖ[¥+ûï¹xÜ“oé1*¿o³§Ì<ûØ›v{¥ƒÔ»à´¤Ÿš|õþŸ“?.±»”¾!^ °±«2Å«·yçSßwÿýïŒÿìwBÃ¦Š(6¬¯Tû³þÎ§Íû<6Ù
™åµƒÔ‹ÇkÏj¾ã¨0È	Dø§a÷](?õá¬ëd'ê³Iâƒƒdàý¡qk@×AÂ÷¥„	ÈLeš•17‡0“íBt^6w8ãúxÒ7ì¹ñ3T€c»ÎtYmÚÒú¾|É"ÓÙEk iWÂ¬-r@i÷7™-„ÃýÙÚdr‡ªÈ‹rnðÌ×Ý?‡ìÇ‰IÜqáwéÈó.xìX›•U<GÂÓR)õ²1ÛJQ@
R]ãn-•¿œ]Ü2ÝZfãÂ"D¸OÁ‹È[®[8¿ƒ5Š+)vÆe˜W+!*ði¸S“ÒË·T…(ý*a0:&ðÌ¯Jk°fÜw}|Ž¨™à¤rœZöPêÍ?éWP³° !¸ÍÉ_,îìŽSXÜ!ðÙÀÎŠÇ´–ä”U,p: ýßñaOb³EÁ~{c:#keÔ3¯"õHâ?ÀÜÛÙCÔ¾¨S•çñ±ªÝ¶îŸ 8£Æ‹ÿû ÖBî•3i1ÉV‹Hyc‹ÒÕ»:²l9Ç¤xOVguèóÅ~
ß€Å¿Í±Š–³ý«¹ºÖýeÈË¬Ìƒ”ÝÚ6E¬sH"Ã4ÁÎË˜zH}TAzlìì?»B[÷þk
ájßãèBPeÕ1®Z¢÷‰•Ä×êH•·‚Û˜~n÷ ;x×n¾évÉ¿·5_1®åt)· üé/Ä¿DCdñÅ4úR-‰ª4L’©ÚèƒÏZµÙ>lÓÄøþwtü0§¡\%ö)#M€ÁA÷åÐÛÎBÙ€TºË²eg·Ï«à˜¶ç"È“aÍfsbû	;þd™…õ§Š“a*ÅàçüiÌ½&ç_´Ä¨ßT¦¬—8Úsn[T866ÌŸxÉ®dš©’*¦^FÞƒ[|¢|ÝÉp¯°ò¢m§¬$–TqªÉwr°¿÷õZÏå‚èwÚý•ÿÊp@Š*‰8ßðhk;ÀJ¾¦çÈæf2Ïªø½:©€H‹x¹PhA¾K”kåÝ_Ö#±ØüçE,'£ËfiM/ÁIõÿŽr½ì¿¸E{{ÿ¿Å]óm£ì“³S‘9jÁ˜ˆç¸òrªçu…½æÔ:6ß©ŸLvc-6MéäéK°Ð”5;‰LÌ‡u7ÃCçw6fLN™$¼&Î™ÚÌ”¸)›ÞÜpëf«(up‡?¦5Š·œPâïÍØW¹Åÿ_ÂêŽ{çþð«àí?pþhäÄÕFFÿ))-½®W:3÷„l%¡ž¥ÁZ”³ñ£GÒ•¬ƒìÒ§¶`P´6´«\6œ.n®B°Æ&W[c³l‘³=Û$àáq¶ø‡¡åùæ[ª©srÜ4’¬pÒÈî‡LvI`ö|ßF±CL<£Dç½KŽ02²º¢IDä24ƒ}Óqqì®¥
¦QÂ6“Ž
z;D´°[‘íuØ†¶²
¨qÅ§T—4,`‹4Â¨úJÀ%·(wA#Üƒ11’nq’lðVë÷%ôæ(N'“ÔN5dÅR‘*&fú9í1ºì+uˆ=ˆk
±=eÉÇ2"/û‚l0hÄF5al+£‰æiâE¦]M:FÁ9Wˆ[‹826,ßbgØ¢n°ãÍ˜·m Þm·tjøp¢w‚cSã"ymÄN€™C
_nç÷:)r¢VŸÂÿt—=8¾·ðÝœã;ã*0µýùßÆØSiY’!¼:aïèY ;Ž?ÏXwêoZvL**9¢²˜7†ç—®Œ\ª˜®ŽÈ5õ}ølVLlVsA‡±	6Á˜Þ†ÝiˆrL=]«©ÑË1îû?f©”ÍLõòT»UkB«m5@9$PÌž<ºCZÂ3\œ·ìÎælÂµÉ Ô!¨&Ø“Ç“[v£áåÃŠaSª5AÛÎzÖë:¨œü‹=ð‡¨ñ×³Œe}EåÔÂ½ÀJ‹ƒ&"³#*œMÚ»µRÑåGœÛÀ±–¤Ñ²‹³)¯e³nÑ¦t"WM¡M¯½Qzæä#œ/E‡\îý×Ç à÷–¦EZßei«ó%Éc-&Ð>é^Å8~ï×¬6›Ë¼9¸2Lqíõ]Íå¾î€ÛN¸(âTþùõ][>ÀñA#àsí¤yéáÒfÑjèn÷z¿BÙûoþÁ÷šº^Å`Î@ÊA@Íû‹Þ¡¤$RÜÃÊâ¢aVj÷Å.inok`ÊÂ±××I#‡¥YÎÒI›Ï5gVƒÏÁ½Æ¨'¶‹ãg®I´üzµ»°8X¹Þ[iAmN‹ö?hÿrwnÜ¯tF*(Ú5<–¶[)Óóžn³åÎÕË©VzÀ‰†ZñÉ mPÜ‚iŸB* "‰¡Xœp¶ŠgAŒ…ÇØá^SrÍÑ[¥ƒ«8uLIs	hu±ÿ½ÈíìmÑµ2¿oïN:
ë»¾ƒˆl¾×UÒp¹Ü{´ÎbãŸ£ä}Qj}ûŒâø‚MËñÊ¦Û12oXD¥%ÀöS˜ö<û™€‹Geò¹:,l>6\¢¾–]øc:1®›LûRD›Ž»…UÆØB‰<Z™Å*ÀŠé¦…8‡Õ·Hî5<¢¦éÄår}7¥UæÄ\ÍY›¢0’¯®U”úo»
ðú•žœ‘æg^_ \ß&néJÆ‘ÏµYÄî¥"ïƒ;Ù¡Jo÷&JÊÝÝÍ~ë_Í5[lws±Ä¡å¾èð?6ÜaDB‚ïƒ Ößk•<îÆsa©kìåPCÒ„÷ßJÌ-!n×‘/rhê×FKw=`ß®lO©“d¦ûÙ5Óo¶j¿-¬çÐs^F€£âYl?ìý*ä˜_Ÿ2U‰¹šyÎj.GÛjk: ¯ýpRs/fÒcrâéêUÝc?RÍÆWÙ!‹tr	µ%
dù!õ±:1p¦¿ÕÜ(‡µaµ£rËé[FŽN¯>´¯Èóíw?,¼um'TÏ2;·.ô›kapô¤ÝbWFW	fÃ£–š, Œ¼$Ò9õCÊ>„:k={CÐGá¹×Ø"æCÕìj”[`SIÈÒZpS×ØÝ ûL*à¡ÚM?/ì¹kÁ»¬TÚ8{ *€Èú
Úåý2bèÆõëÈšÙE›¡ßÉ±KnÖ}L¤uÒCŸ½¼’¹<Gp_|m]ÍUjK°_H_	Á²·rÍÆ;þ¢6f¤ù¾Fêïó¿ƒî¥é±©¨î™DU¢gŸL½‘Ë·à×ß9Zî¸Šcµb°íŸ¿ðï[‚Ò:ÝŸŠä|b²I^®Ái¹)±g±2ü|šÊÍªSûËTæípã8¬|Æ} U•ÏÃP\×©‰%<{Ž¿4&íõÅS®&†Ágãey*áÞ}¬¹)ö]oEGÄ†bNh÷É™Œd‡6S¾ìÍ¬?ð‹òàÒî±Ý¶Õçù{$›û#¿½¾Wq¨ªËærGïÊtŠ´¦ÄÅ£ÙÊB_ìŽÛº‚éúÛ‡&Ÿ
ØšÈ¶wÕxê×€¤ß[^ÐÞk-êÒw
5v-dêð´ã0ÓÂm><J\©³kcc©ÃsPM‹$gÛ¡51™ú'®Ý¾mÙÉXÔV+ÒçæY0®óƒÃ¼ŸbH¸ò$>€¸ðx±-¢Oèv qå<L&×¡º„ã©I¹3*Þ]ó6@4vÛ€Î|WxYuj„—«úéëJfÉã•ãÂŸ˜Ž†'™å~ÛÁFÌ‰üùÿcÜŸâDÞŽ5ÚP‡øÅNÀSZ”ÌJÂ¥·tñ7	ÓîÒü¯Ù¢ÆÀú×µð'ùñ?¶÷|wG¸]¡¯è×Øw¾•a;ÃZ%~%ßG.xïû:Ýè—¢DE÷_7^We@´Õz't…$ûgýËçn€µ*`ì0ùþ²¢ARÑ^ugy¿Ç¾+€¤ðÝ{fš€¢u©ÊTdDd.cÄñ]Kˆz{f]Ù¡‹zßhç¬õ÷y_ÒÑsðÑ!Åé7 Õ\þEðÛžm¯	=.ëdþ¾?-fïPÒÎã3¬:›¾U¸WÕBÊu¿|K[¬
ßÁå"ÒË¥ÐÅ2°éf2šõsâÜióA+n…‘‚ËúÀ›ÍDé²ÏEm|¾#©¾Kf ¹×/(°ÍLØù¥ÿß›N˜ŽYnüöH›©2Å‹l»<±jÊ§=·–ÚK’?D´ÒÏd-kAêÞâ¾ëÔ€S
 Þp
`›÷QsÐ3Øä)M;Ø&Éž¹‘Ô¢ ÿ–ÓÓ‰Q¹§ïiA\ÚÍ£ÃuŸ](Ý!">i©¬¥éVå4J'»Ù0¼‚Mî/0½+l¼–»ÿwÊ„»H@AåÜ’-Gµåú@Š–ê({ï}Ã¾°?_¢ÔÓe&Ð£‰Š¢ù?NhiÿGõ4³,¹Ù7ìú$ç"¼²ÀùCzÚh·±–úÅæAl6"›§Ëâ¹ºV{¹j¶þÄ©0U²ÓÅˆë÷ÍS#KlÌyBDï)"|¡©£eqîò©ì‡°çËSô›ýþr0n–s0$n;.¯}ÔÈÞ÷)«nt›+2õé#²¦8?Ax¦þæ0è>2ÓÉŒ 1ƒ»µs€•ŠŒˆáŽÑrÑmf·ðQšXå¡X¡¸¶Ú°_MaB~`‚YùDX™ƒDçÀZÖñø†ÿúoUëŸ]!Çìòî÷‰w €;ˆŸsã^-ò 'Ã¤H ¢ÍTg\¦‘ì•ÜÓFO°Æœ‚¦ØüKÀQ&›÷è¬ÓUÞƒ´(åšj1Í„e¸U¬‡¯å®X#¶1¥À™	mŠfS1Œg¶\i¿YðP9ºu•-âbãL?»8·ÎKY*uK*Šµ>¹$Ø¶…‘ò#fclÈ ;
Êÿööa/õES^-óñ×[Å" (ËÎ¯8lÕ¿Âªq©Ç˜‹UX™»ä
@šH·/ëT©äWÑÁ±	ÈO¦øÆš½hÍ9…f4«š³™¨!%GR#ÕPëß”v(ëÛOdITöz‚P+P“_1D“”ÊÅ Y˜Ë•¹cügË%i.)ŽI¸ÐXA¯ËspÀæYº§6†)ôü"ú!Íªr»‰ø+ðRŠáx(3;v>¡7¤_È<âüÇÛ€$Þê#cÏfÓ‚€çætûÏïËpÐàÚ{PímÑ+?>ÿgKZ‡¹ä½›BrTWÙ]·ùi?!ÞúnžÔaˆPXÚ¶Ùbp:*yŒø™Û./(8£Ò»Fûý
£è˜?;|KdÅ™÷Â ìŒL/)¯_çÚ–gèÊÈD"…b-¯ýmw5næP7õØXÆ[Ó<ëöüW"2ÓßÕf¤–¡þcì~÷ëmþAM.8“m7×|xcÆåPù3µ)‡…oW‹JÖ±vb”4œBGãAÑ@Ž×/ñ|Ä!öçÐŒêD<‘†*þ
>Îmà”ð„4òŽ·p¬Œ¤]ßðaªzEç+/C$CÃË“FG¯›qi5€µ¾)$.é»-•py\ã:%‘ö9@Y¼Áföû×k¥ö{ŒÐ;ÃÇß‘†Æt'A—#1@õd„m¼B<ÜGíP®±.Ï@’ÃÚ|
[0Ëë6ÒÏžìr0J¦Z¢4×þÆœ=MZFiy3Ô>•öª›H-^ŽÝeÙ-Cò	Ywý§øn‰®Q®hÈÞc~Ž4bL¿ÿM'ÀÇ£
9R @Mè@¿Êß±büv€‡~Žì±_(¿Á“@Ht‹-q9É>àºüö+›‚e¿‹¬øTáZ‚lXØ&&}”‹fŽ´Ar.+g-hçç=oÛ‰#V8‹qMëÍ„¡å+Û·¤7Þ.‡é”A£zóÎPËŠÏ'8Æž±î_¬ª^;r>H’‰C“†¢cêo–ž9ZR&I¤¤SÊgiWJD4º=ÞZmiÍ
"yd#žñü¥÷ïùûx÷iZm¾Ñà]ëŽ‡—@úÓŠÔàE•qëiSMx@ŠÈ¦—$cX¹p
¯¬+)¨»JêñkYõ2ÅUzÿ¯SwÔŸ`¿·ïæJ9–Ü¶²1ùÉ&Aœ†¼ï´lq•:ee¼ÎeXºH.¾³¢õåNíl£:ªÚÁÇÝÆ÷ ^ùUÕpÆ}£(ñ¬úÿK”ÆÞûñÁŠ—}$Nò[ÆWÄ†|½6—Õ‹Ô2Ï¥'üØÝ+6Ð¶ÚÉÊkåEŠT£û5}ÚŽû&gÎÎ¸Ó±^¾XYáå}Ñ%tÂ»siäÈòí”>k,"Õ}‘ÙwTæÅÔÕ:Of¿QÃxü@¨[<Ëóè¦!ªög4@…y ¢Sžo³rÌß,ÃH.Òãœ<ÚC"g~ôIe…dç\WØclaõ‡%=”7Œð$Zëjç#Ùø<¹þ)ÚpÐ¨¯z‘â{úˆz‹#²õ3ãÑì¶>/#5{ie8ýÃóiX¨Ü`yï	Áç‰VÏO`Y]uo þþ…SGŒk¡o§P.i•~tBC1¹8ÔA=Fd\ûLÍªøeè0aBèÙüw([¯äY1¦–Ì3»Éž‚Wûo;’uøRy{U/¤ï'ÍeZlý?:C?ˆãYL¨?Œˆ§#oÐ‘Ðâ‡JtŒu6†	‹¥¦0*ÒÄ!>´Ÿ$Š·u
6ÃÐ†PXä0žO—pU´ù4¢Bôùw˜Mfpò©–´ÛƒØš×»Å9N†å÷ö¯÷c¯ó´f<dÌþcruŸõ¼âæl4È¢ŸyÅÚßÌ»™.}™GýÅŒ	ÙÚ%<¼öÿoº¹'²ñ¡†ù£ÂÂzÉ‚ÍìaÀñ\fê±™ü_0oY¸rÅ¯Àl:¡_·ƒs…tÕ'¤8<Ô€Àùt¢¬I¦žAÁdXçòjºÖÈEReu«.u¬ì‹ŒOˆuWú©Â„2Q-²¤øú
¬Ý½]ôÚUº<*ï·V‡%!V°ó„Eùù5†SyP^bñ‚lß@Wbf†˜@ë.ø¥6“³þjä:rn”Š£ÆbÞæÚ¬Ñ
ù}øãÿ;+*š(oU…ƒ“4È|`®í #’ªðJOøÎþ|œ¾É(üàNT¨€xð½;ì8óºlZ¶xÙ•©óý,(ÑÏ¨%Ž‚zÂ£‰«Hò”‚†¬Æ½¤’ß’
É9	'r+a€€„è•45w
ÌŒFè†Sn`à•`Žà‚€ËÏ‹“Eâ”Â²¶ñUÇLÞ‚*½ÏîzñoçX0SØF¤šÀ_‡Ÿ¿:äé%hòý<YØ¾âqŽŠ¡ul«n#»ÒKAéÿxWJ•Ý½ñKb2üÑéZí½ä®E b?À˜`	L0&˜ÀL`	&0À˜`	L0&˜ÀL`	??WñIWm/:³êj<·REœúí U‘’à¶@œ˜Õ4‘™XÂi³üph¡B¸±pæÃm¶Þz® .8ƒ‚þ‘U°ÞEW†½p53PmÔXâè-¹öàÏñœ—ƒœ¾Šú™a0J5‚M/agZ¾”dl- jº¡áÞ7 \iòù@£-tãyÐ·ÑBqöaï%<¢xÄî5•=kƒ™ž€ŸÒžg6½/©Zû8	ÔˆÛz˜oe@ë‚|F8! MRPÈ4Ö jËp4pÛ„;JýNö B=#Uz¤Õpz°K/œkÀÇt`hÊªý³ÌFüŸtÚýÝM†»ŠguÙæ‰8€PÂ°ƒ‚Wê”Øáµè@Åk¡p6¼Bu±€˜”{ÙËòð‘¢C) qP ÜårÈÞiÄ7ÖªŠ¾fñ}5ò
}µùs	GóÌÔzŒ˜§t`ì$0_."þªU3£ZS˜Îêéâa–Ø%C›Fè,\ª“›©¥1l¶ãßÔš<¹XÎµ¶þ§¥(Íq¼:ZÙ7Zªªšÿ™3~
^\âßºÆp/iþ}ºx¢-„ø	@<°6ü®1…^ydèFùx½ñä…NÕI—lQ<\â‹(Ï~4™¢›øH!hÀD¸,eÞZ4õŽË‡Û®íÓnÂ
Šk-Îº7CÔõ±hæS/ük;t”B3 ^´ÈÒè¤Þ‡¾zdÉ,#~´è»¾ŸƒL%jçV¯f¾ÃåÌ›9œ%ó<3/ M€'I#%“.Ôê^Tx:<Ç¤y.Ãì©‡-S“n¤7ê<Ä0D@z{òJEöýÆr#¥! æÜ™•^ù®sZ“côÒ¸&v6Ž¢À¨k°›z´ÄÅIïYýRfPÚÀ=Ä ÕæhtØ+õ¬$ÃÑÅ]Œº²Ÿn›¨¡@â›®à–CŸPðº-ï*¯ýÿó§—zÞÝþªõ8V!Ïà9Ú`26¡SŽM‹
ÜCÒVòCˆ^qU¿&óžöÆE] Ä¸/'Òµsv(!˜Í¶_™Èf¬˜‘HÅ¨SSÔ%È	ë÷Ì}«Q»P“Ï©g¤õRˆô;|>íGKœgÎ.•é^—¬Ùt%úÖ(ÿ·¯Å¥Âeãà¡ ÓŠsO”Ê¨É(Ä-æ NÒÎâ‚ì‚QºŸÌã%âÀ¬{ïÙa/å¤‹G¬%iH Ìò(_¶ƒnfÛ>/ÀÞ—îE} ûÉ‡Åº™ºd:@u²ÁEÞNC›xŠEüZ–Ã0žð›.hçBÎœ(BÔl·“¸œƒì©Ú5Ü^®ÆF¿CÅM‡â±k6-[õ¹d–nu§‘xPâºðo.ë©øú4šÂÑxy=Ÿ¸¡ÆôžhÍµÆcÙñæ;¶!b&tÚ~§ÎUž}ÃCø]†rDù‘ÈìFÇjŠƒcwhú+•óø\@=>Ç»;½ÁŒe%
Ô)ÛàB3âÇ—…ž@U=þB¢ðaACÀ±A%ãÕûb@á(=OñmZSèAqŠ«¾j¤£ËÝüh·4“paüÑÙWÏð'ˆP¼°¢Î£Úæ&ëZgŒ–HÙÄí^PÁ%åFãÂA×vø8O*®µó³iØ¿àð‡ÆEÔ“Õ"Ûî+'äÔJðÿ?˜Ùˆ†õ|¢øv
cõÜ¬Ä=CŒKEœ¿|(TÅ$¦N¤^![þš »øè1¨øðÐ©‚š™A;—k:;³‹Ï{’šÁëØ…#¶ý1ŒÐkýê}þ±˜a×%P‰TœOgû«šÌ¦K–è«–tž[~nmârkÕ¹L^IßH°°%œu5¡ã
xÄpàß
Z;#vNV×±Ÿ¥àþ	b[ñon8ñlX½í±+§#ž/,¥VC#ŒÉ aS˜ª±gW3´X9¼|/å±(9QÂjoRWÏƒ'÷ê[Î2ä¹ü’JšœÕC€óYéÙ¦áØ&È—ln˜.¤ù-~j–BÍÅ¡z{Ã+Kó˜zê1Åøñ…Þgê€mÉtÀÀ72ÃQý›2m…q”˜rÚW‡_¾æk~µ~ÂQµÏ£ðÿÀb*D¶:ê³PJñÕñ@°Z|Ÿ¢±ß (gƒí8Ï|ITj5ƒGs3`n´ì”¨[)þ®6åÁ3ï~zÔ:ó3ˆj²ÅËŽörézÆ”UGùëQ[pX8ÍáHYn;á1í!ø8MùdHU¾ñšq;ÊäY.ŽbúM‡ÈJªcfuAðŽüÑ¬`ÁI<µ®X©a(áèK«šŽ×ÿJ·3Å\Ï±/@áª¯¯|cå7F5Éõ¥‡2`ÂÑï'HW\«y\ÍÈ)J
—ÊÏJ,Ê›ï¿8Ï.—øb2PX€cÿÀv
ôáà1$Ó&ø¹;Y©ê9Q[·ÆÝ]¶@Sè·¤4ã¼z•vV¡M:Eül»#îâ?ÇÂ½ÖÏ©¾RÜ ºŒ¢Ñ%À[¥àp\®Ñä×y—çA)‡¬1§z«ye^Csô!æ&~+õƒ%–=e&±ØßšŠà{=µ®|‡Ë{lAþ€ÍAú0J8ýŽ‹šK×ÎE‚ïéaÔöÑâ¦wÿbÂˆó®ÑCË	jˆšgêˆ/FÛ0|G²Þê1ò^?wÙNçT¾oCÇ¦Ÿüì=^XÐ¬ÿøü¢>^ªß<(Øt/PëÚ¦%v¬ómœÿº×0¬“À<½jèû¦œwâ Bœâ0l("Ê2î”iÊC.g’ñdåœ—TlIÍ{¸"6’×^/f+wœJÈ"oç‰qÚÉ™H4,Uðkµå÷1[ÙMIÐçácÄRáDsÿÃ¿Ÿ+Tp®/4ãv©½ªøðsâ;Øï¨Žö£ñüN™ñ×'íô^»Ë!’Ð®þê„à9¬(Jx@úPÀ÷WÎ<¸¦(%Jo?®…˜ç³® W™%%Ð†Rˆ?>< `ODœ”-Ùo‡±Ïä÷Ü‹FKzý%è€¹ì‹«yâ†?OÚÆpfô6ç^wB~®7}ã>•«ÆI(øò?S“Áh0aÂé8±çÔ]HJÇ¦žD«„…Hõô…‹´°·L~œÂ·±Ãx}Ý}fwin~Í¦ÍŒ]þŠ—PZ?·;nø“iÐ1Ní÷szë¨(éq-ãÉçß–må†2hvjƒ°™öü—É˜:QEÿ'pÍ—¨$Ž^an-GÏ¤
átˆrÆ½Zç§ÑGmrµ‹b jXR‰Æ3ÉÞÊjÃq–	@×Íœµ(·ƒ9ìx4Ä¢<øœuB&sÞ/âlÅ…Ša¹ÚPÂ:Å2átU¹ÇláJŠ¢º)]\.P…¤‰â¦Eòtå`Åø]ÞUª)ý	ôöHx…ŽH"é\,•ËT›]0ŠÖ¾{rpUÓ:Z¥¯ãt±]RÜ3‡c$	[´sÞ©ÆY×P{Óú(¢Ä¡“Ê©«—·bÜ2\µ}›‰P ÷]þ17§t¹Æ¥Ú;‘llî´ÒHÌDÙd›'¿¦¢\3aâ	þÞv¬TÊQý}¢_ä].àŒ•~b‘0J¿É²&Qè/Êøq~seQéÕçâŒ¶Î¾}/ §ÈÃÐ*}Ñ{?Ð—p¯<|_:ÃÚf‘-NÑl{–eÊ‹eOÑ’,ÌîJ¶q¤Ç«t…¢™ED+ÕÊs¡²VÖÌëÙ¤Ä$BLZF¦‹Ë¶ˆËÝ¾–˜ö*Ì˜A‰Ê\:dt}?q“§xŒÄ^&¾®hH`ª
‘ÌcÎU!õEAVNZ$Žvšš#85u–¦Y½TÎ†œÅ‹KšÝ“éÆ
4Kû›¼q}FÓJOåjFIm ˆ°ë
¦,‘q¥4«HããX”Ò—æðÉöÇvsÃ-½
Y5úï³YYa-“ìÎÞÜb¿øBmQ’•›F™(ªKþm–9ê:Í€Ç‘Â;|e. v2wiá#rÆKd¦þPJÐòÀT/Gco—é¥$•Ú€)AöµcÕÅ³³®Ã\@†8YŒËšµˆïÔº0G
Ç	NÖ6oé_I¤âè¯=à
 CçF(d×£TûªÁø»Ž.:,nSáuÆŒã
4Kú¾‹ÊËêL„WWþ>íá¼–rh×n†<˜f¡áng¡ð3L†ÿ©Ø)¤à!íâ”³ÁÕi,E•¾@ÖÿŒ –¾#Yg–®7h³(g4“É;y´œéâ@2.0!,?Nƒ¥kPˆ«S´QdØQ¥c×ºã=˜Fî€-žÑ>ÉàöþÑd0åùçþso6^¿þ°P$/Åbt‡MáÄƒÌÇ|dœûg3^‰ÓzÃkOúN@%ƒ¨‡ªu&ªg`þ—ˆ +´‰1ù!6sò~ûcpÖø‰ú²}«â7Õéû•z}ÍÊî‡ûÊdÈ· šg¥gDé˜éq*½K*Yð›$œkò@+Í´ðes¸´/òž¦¾Í+éæg/[³ü»¡•pŸu0Êˆ¾	¾\x¹.®•-…‹èÅeÓM4~ŠÌÙõÜµ–(ÙÛfâØ†ÔÓ¶?O—Ý½âp÷AöÓÙ\<J€®*›1¹˜S#þî™Ô´åÉà.¶gqñ _!u„N‰æ§aÞ†ç¿t)HZZ)y9‡>Èþr^FÎÏÏ%+^/½Eÿig£N!_§…>ÙÂG˜”DŒ›ý¦™êFÖ_3FJºmŽMa²yÁòWêÉ-á
£ø'°8™çOÓ“«`<'ž¿×Œ
-‰áˆë5éÇÃþs-]'þ9}((ùPö¯>}=ËX«Œ½->´bc“³ËbwÞSr–Äþ®Ç7^¶qqùY>l<Ÿ¤o“ˆ¿/ß ¦Æ+hx¤ô8‚uH˜|;u©E&FÇÜzŠU‹Ã¶a¶ë0÷xÑG9@‚]ù>œ°($8XJ)3ê9|N˜«±sY%ÚâáÄ¾ ÿ[m^ü§ÀóË½<¬MŠÇ0<ä¿ß#ÔE›º=òhÏ;P€ÖPÎ›ÑpL®¦›âôh:Yx}TÕ^25‰,jfuda§µ3 ýÆ`3?²Ì‚‡ÞÔÝmç|Œ¶¡XãÇ¾´˜zªrÀ…´?4¾_K±8k6Åìºµë—]ÒÐß1ÿ°›%]jÅP‘*b4±å¥x¶Ùnth
®iO“3(¬ÍÁõ@¸æ…‹Æ.A)"ÖøÇw*LpXþlÌààYë:Ë¹ÕàÐˆjÐ2âzÁÑ\‘„^Ì†a}øhAhøw1ÎgóÀÝÿý¶)ÜKïRºöÑƒ`ÚÛÑñòÓƒ¨Š¢Ê›ÙæJñEå†-8‹_Ñ€)©üUÉ«Ê¦Fý"Ë#¨¿)þØ%GøFåƒô~“¼¬¤Rÿ¿\Ðl—âÚ ]kÁäÓñÜŽ	§e —2µÎGµ.gš•‘6†5n{Ý§ñå—Å~Öd‘MÑýI”4ù$šÔqZÈÁlïŠ‡ù[Ô7|ôa73[]Óg²ÈxF§³JÝ=§>ïÑŽÁ5E
wØ‘mM+Föä$²a‘‚yÂâÀ'æÿÅ?Ûš8MÝšåsþ{åÓxØãÕmûƒ;ìÈËð¦Èò‡ý=¡œƒ|ÌßE¾8)j}ëü8ržE…½ý2bÁÒ±Ùš|F´œ¢žMrJÚJüH,FæFÌE.êšG²GµC×¡ÂáÇ¡¹ª¡ÕhgŒ1JSºå®¨fˆ&_ŒQ„á‹ø¨¾T[Up|'¯‰ÜGwõ°õÃŽ;æ+cù%òÜæÆe°/7õ×ydáàÍäÊáOr*‡Ð˜üg‘ÅzØ“Túñàs%÷Þù‰µå”Õ&o¬:Ê&ÙhÉ¸Ì'êF¨öM¬Ÿ£¸l‹U84Â3f‹ti÷Ðõf²´;Ëjv6‰-ùÑ&6k.dJÌ±=5ò½uíbå·ô—¹ã2v2ui…,çö+ŠVY(¨oXS*ŒY-)ÕJŽX”¯ù
V‘{)N?ùoM<:véarëÒÿ˜\Ê8ZW¶æ]ô‡áºuæ8ÿqQ*¦Sgt/Î³îÏ?Ì]tò“§¹ofa¶2’2õ€tÿ¿zç‚Ü~æ%ùó	¹òA™¹ohnÑ—iÿ€ýÁß§°üáå‹wïÈ}ºú#8$	¥Ã¾<ø'ÅÝ§Ú1QWÑ¾æºyDt9<9RíÎÃ-[ÇZ–êc¥î“j’ƒ×Ò¬ôØù}o¸M>ð%9}Ýä[ÐâûN».8	ÏÉ×ÍŒ¾óÞiü[4«cûò1KÝæ²Ár<G7•Ê¶—<ÓKÃ3çÞO3Gæ¥©1[ãç
¾˜ˆl…«û+Æ¸&€œÀ,5—Äo?~,3ÐIÆ¦ÃËOfQ«vŠ:âÍDñíÿÉÍÒÎp²±÷¦Q£¹ÚUn$
q!‰|9EM¿3]h‘-ÅKS‹Ù"¤ª:mVKCR% ¶æÅÈO,¬twdE8Hl2 lÄï»c¯ªÓm½×ç©ð>¹¯X»uÆW9˜’ÅVk][œâ6öÃ÷qA[\¼ô‡ŸŸè'ô¼U¶b<µ†££»îÎÆòsŸô¯à:ª15ïB8ÆiDðÞÐüº¯–wzQÆr£z…aTmËêßÓiô‚<UûAª?3¦â×5î}v˜»&U°§Ïs^ŽõVTÎ´R”e~&&Ã7f1,/½‡‹M&ËÓaÂwôü‚¹§àbPöþïcè©ù
Û!Õ~äÖ…íNË—^ŠŒeÃŒ8ÝÿDÎŠwæâ¶£ç n/½œqjgäýÛ·žÜø¥ùÓÉZ-
÷Al†²ì=õÅš”T#ù)ù™œéüºà½ÇÝ]¶ÄMé[Å+ ÌrÓæÏcúnæ´úèzÁJ¶‹`Zòs…LÕv’øj¹.vØOè+Ì äÓž¹æhsçgŒ§ÄsíêIó…¦_Ó²
•0juÃskÖ)jJŸ,©)Àóç<u>UŽ×¨.žµâ<Ø6¬ðÄnJÌ™ÍDW\‘¢K^1‘z·FTr,ÙM—%Î¨Ç)>4çˆNj+uQöŸ
Çƒ¾¼>tË½«èÁ†RÊCòóu;íßëÁ[œDoäTÜxÉ4ÿ½6†ù¸o‰aO
ô¥u6J©£M‚K,Ac0ÄOÔ±ú3£ZBMárq¾
ˆåþb )!CøñË´©*Uê®®/MÐn7@Ži®Î§ÓC-.w•»Îs¬ßWÇ\ðÚüæói–·ÂÉ±Hm+ÆoÖÎžæ¦z×W1p8•iÆ	‚vÏ×eÐb
7ŸÓƒ.½cíã’–q¼HZ9ú¥AÅ6…™ÑÌ-Ü·%½tòEPÝcó%–×¼ý‡3/U†|Zë4X8”^ßŠÝˆ*“¶íñ°”iÎr•5`~·ÞtÂ·‘èU¯rUÝðŽ‹†Ý;/}^Ï%È/TYwîZ
§‰øìÐ·–¾ÞâŸyü=jÓ ÕÃ-d;5[a’<Ü©;Q&¤gãE„2$|<$?S–Ä›ïi1¨Ëp+w{¦õkŠ^R.!&QW—<x®Cgâˆ+Iu¼úæÁ¯hšö8|Á^ƒêƒg&€†P¨Ùò¸¸rè.mgL¦=Ý‰âëÃîé[Ìï¯‰Ëðï»ß(Ã-yWÏ¶62	þÏ|™ÔðÄòVŽPSžøþhº¡~@ïåI;?ÎogÀ÷ã«À@H’‰dÁØkè6ÎUG/½ëë}à(÷¹?³~ƒsFõúÇÈ«&µ™'ó·Z1EÓe÷6m§…ÂZ}ÝÛAsa|ù	ó.,ÎÙÜ£GÊá2Å0¯0Ç=o°–TVn¬QAÇk'j€™@Ôÿó8ØISãþ“û'"ñbN( (§w[ËùÉ`Ù\[™L;ëÐZ¢ •© Þñ¤Tcjê(E™†Ò]ÊÂ2¯Ý¼¸ñç™ÀjdoOY³#gšó¾Ä&íþ%0S’mÞÒwO[½…ažùž;v«yAŠMÌÿi¢œëFp†ÿ±`Ä˜ß³ÛyqÒˆùªx^;aoÎëCÓ×Ü.
c Çzl5ò+}ô^Ù·è(—ÛäæãÍ\ãxž+ÛQÏØË4`Èå:ä\Ý=À»“ÿ¼«ù}óÖ2ö9³½)'N†mcïJÒ¤‡gyÛž˜g~±ÿ>Ÿkˆ'óûV@t×„A@Á6\ôç Œ>6tOCD\aFLÚµ¯£ ;¸e—i€“†úþ î=(ÜÒÜ%ó¼›˜ÍÈt $5ûD,Ï¤`Ê²L¯$+R›Ã,D'¿N4Özß½ÃQ–]›"¯8w$°‹a•â`‚3,ÊHÏÈ9öçÖ ÛF³Â†Û›@3;¥A±à?˜Uõ‚¿µ€‘œ‘k„¨õè{½ùîe–`Õ#×x©Ç´µü~n
Ì·$½qb}´Û¹#ÆŸô›(í/f³÷þä&“ßQm·³™G›“¤—Î‡ül×>>w‡¬É’^_Â¢¤œbªr¶àÅ	â~¸¶´¤•]ÍoSÒ“H/*£’8Æý+1²hÒýIŸMÎ£‘2&#;êƒëJP°ýßÏ²X Çì,p¨æg%ÚT'cÕÏ]‘]ü«†.ûX$ó;}Ê™…Ì”BÉÁwJé•‚™Ø¶ŠÂk0Þ£‘uÌƒäsMìÈ‹š—åYÉŒš&¥`ƒ_Cs¿]7~®ÄBÿ”%ApÎtÊ´SÒÛ_¤)ªÔM¹DÇHµØ*L’ÂftOÄ»ßrõÊæx5WuY“Y2ÛVá¸*îë)\ýy}ð9.->`ÜH«õ04ÖDŠ½«1Ó'qâ%G…¬”»^xëÊ?i¤#¹J}ÞwM1ó}šCyUB	".å"ïðÓ-¢ó‹¥¿2ûssÆÉôÚ²‰#8„ÝšSEñ½²
‚
{ØñGûÔ£ÿŠ†úž;a>µ¼‡ÍÚ#·wå9ÔoŠÀv¨ l\¶Þ i²ë÷š¾Ñ6ß®ÝxÜ›V5¥•Äß˜}¬!örKÒƒB¹i¨æ:“`jMÎ™[°®G3NW£rÜNlXl¬9›b¯?{WbYy>J%k}/¹^XÚ6¶«—Ôµ²—G„¶.q;Õ#sVÓåt.!êò.¥‹˜Yõåø‹øð#(+·¿9U”ÈfCñùk“³}"v%”¼;íÜË$|j¥FÒ>ÿ¬dt"t)‡ÖÝ†°É”Vjñíµ‹•Vë{,÷µyU|Ç/
)&œK82;äi…tñxU(|li*äPh;ÿ={IÂ¬É¡×	îÛRäT÷²-pŒ!¾>H€y°•Ò„…0ÈM¨–„šÛgû7xw#Ô:Êå®i‡E·ñw$“†Ii:»¨;œV½=.!>3–f‘GÎ6ÄòÝ“Š7yEû14…Ï®¦vÒ`#›d nî°iàAö:’n¤×eû,%®zÜŠZêÛøú®4NO›L¨o¯%ÊÀ¡~´Õp*/TCÏ£Üf†vnÍ÷ÐQ6“$_ß¶ëöÒ,S@íegáa¢Ódè
f}&>Áèé†<<—Ó_àôj¬-Û´˜Æc}'ó¤<g#ÆI38T{Æ²Bß!çPwYšìÀ?(0¹~ØèZ)Ðõž…&È"Ø5ö64ì7"XÂß‡i´¢Ð¶€Â1ÙÍÓ`X$±&%šÇR*nI˜»BiâF
êÃã¢5‘ã¥U«ÿÆ²’:8Nëp¯ª/êÿ[íZÞðì·à¾À2vEÏÐ˜S#
ÖÆü™õYƒ‚Ÿóûò7¹?ç6®³úÂÂÝtfã÷ðb2¼¨
fÏ
‡Ÿ ¸]š(KÏ°`™-îz£—vèôÞ:ºE\ö¢ûkEgÓºc[JÕq S`=CüÀè?¸`ö}ÆÕöIÑNô¶Ôª-á½ænä¾jO˜7´ƒ7Ó,ä¦	Gú']'Øë«E¹VaÊ¢’^›´®€#ýá®AÉf?®‹~™<1OÏÿËô=1‰nú1±t"˜òä–yH‡ßØX¦œ¢eMÍ^	¬Š¦0{ Š?÷-úX,<4>ç 4P&ËÇfñ+Í‘å»“ó¦LLõÅqb»ˆkÕtûP´<þú5E²¾=þ¢–Q`%TÙœ[`ËË¡Z¡ŠJ²SõÛèª£Ù½ŒDÌ<ë´Ð*Ó'ŠÈõs¹r„D
#FhK=]vQ_Õ³ªx‡{÷<ôU¼×´®8ª¥	p¢®«íppÓCb,/®zÍÆj“º”oU½ƒË}²ZÊNdÕ½ôs‰Õ·ïWeàiÞ¢0C>*tñB&ÞÕ[Â0©Åï±ÿ’|ëf{±©Ä˜®)Xe·yW~7ÏgYº%Ê£é¡1:î{çßÎ–Ü;ód9†y‚Œ§ˆëÑâ¹Y|ˆ«œ%´ùA³¢’»Õx#L
G¢¨&âÓ£ÑT…—nxéˆ†PF÷\º8Fn=41,á²æ‘ÉÑšÍÇïèë[n“Œ¹Í*Ñ©"TQ™›wÍ…ê¹¾›ù	”ÙÿÃú[!¼ßn*"M9}„þ*Ù&–ÂzZu;?Ðã8k@ó¦„«ß„œê/8%à`¾Æä2‚èä
Ž6HP,…fRth'žë¤UC2*bq¸è$‹šVƒëçÇêk6rŽüB1#.éøë2€6'P'r•vøZ,ã-bJ¶tq¬Hñ>üvS§æ+–\}-ÚÚ†[HrEù™´”ŽÂ÷ÝXäSŠc†3WîØ¾e{'Ã	|:¾³“ºA+€ÁiÙ¬LÀåÙI0¤¹Æ:u&TA‘ÝBþO—Â-ÞUô!¶æŒaàRÈÆrõÓòŠ‘uÆ·^mP5XƒCMcVtE'ƒÒcÃ/©òšóú
å2'le%âÂM+&ëLLWè"|>Ï/û*½€‘ÝW×‘©”{$PmäŽ
Ä°wá²D.ÜAJT{Q¸1¦?û‹»`%ÀÐ.ÃqÝñä×AQ×mR1D0 "îH±—t'×gLø…]m£Í…Œáçš|…4çÝ-«hVÑöé5XçS¦ôñk»±+b-ÂS[ä4k¶îÎFç×4µ×lõ	Û)ì<Lu.9r–¹ä¯Mg_Ø*ZƒDéUŽ¢ÙnîuE=¶Ø“.\ÆŠTEÊç›å5$¡»ü¦©z:€ýä7§ÝL…f;¼8¹ýñ×ä©m‰ò'NR–’lä^æEœMxg-V]el“HE({¬\ÖŸðÉëç3Yå—’h‡…Üyâ²A’
„¥zBhªŠÚKœ.)Á‘ÍÏéíh8ÿ~ØŽl
¢<ÞRó¹Œ£çÞ
02Xuk²Šv¶I™¶oÇG]iYlFuÛù³òÝ×ÿ™)4do\tghNa„\f‘–k¬yS;jùœz§XŽ$ëh-:CVÐåJ)Å nlPÙXcüUÈÌ	¯Cœ”4Á¾ã˜ƒ)Af(øýcnXø§ y$óiˆÁ¯ä`…tó…C·Ç±r‘ežâ¼«šÎëzÐÅäîüÜm†¯A}`ùl^:PŽ©K„ûEZ„ ÏtÏbCÑáÒ-’B‡;Ü¦ùòÂsP!Xš(±tTÕ€ÕZ—W$nFDJ¯ç±±“G¬¥)²Î5xd˜Ò¦™‘e¦Ï3IžÈE.4Ï]p‹%U‘Ä`ÊCÏ°ÆämuçÔ©jŠàv>Á“Ë&¯³#7Rnk/ŒôãŽïFõd˜Hþ6ÄØæ*üð¼ÞŽKÕZ¹SÒ×yÑ³Ê`×è“w¨’+ç5ëyÄNU¹UŠþo<§Diç2J·kçåú¹>±ÈFxþ]™¯[B,ã$õò’áÅ#»×oh)@Ëƒÿ4â‘§ö7oÄø”=Xç”®æÎ%iF69®Ý²[Ú[£ÆÈ˜Á8(ªÈÁÃŠ@arúÑžù…èhåibˆT˜³X”Õ5üZ(D—óã	ÖxvÕØ©–ÿ‘œeÖ,KO*Ý½!qê¸FÖžÐ?aô^T†QDÌÖAåIÏuCm’ù/hDÁÐ°8¹_¹Ym5œ’ÎÒ¶êƒÎ3ÿ;‡Ý2·ÄÁÊ¢Ì8=ù]øãüœàÿþàî[Û»RáÈƒ•óŸ —¸‚9%z<€Õ¨ÝŸ1˜·È<¾;(;Î¯ÂŸÑgô_¦	Öè	RµúÈ9#[ÌU)¤*GxN‡O}&%Z%Â$™‘¸‘‘Ù/HòãÍãÐ¤£°Ã„Cƒr#JÃOÃ:C‡qŽ&`07x@psAKzüô…²b hŸªÕ2Õ	‹ÇÙÐýn“ðçjj.Ê‡NÍsqÒOR™í“Ô]¥oÎ@|+»}¦¦€&ã™T†áI6Ô>\Ù(S>x¢ŽP§UrÎ	ÅVU'õº/”Ü8b«ODÕ„
-b'‡d?ÉqÚËG¤€«íÏÖÆ‹ÃÛ,5HÏžfR
@Ô18ÒÙù¤]Ä’%¨+[Gý4õKºŸüQàí*"PˆöoÁ2’Ë«JÇÅ2bª"G#ØŠêÒ=
Ù-aÕ«_£cßoíí[oœöÙ Ä÷{_=pr(’|÷¹Zè“éÃ5õ{çî™5A¯C~tJnŒk]¤¯:¿¿©½ŸØÁÙ^Ð¥Iìx¨ú‚^ÔGŸ©KLº±)ÝÎ7Ÿ]›i4puÉkü<_í¯½£üÜ@õ×Ív·AÚ„‘œ¾¬øSuZøób=ÁÕ¼ìû€ùK‘¾aW@¾ù~Ðo]ÁÁ†…g÷aÞ>øy®wø\§0ó|?åKS‡Ö¦}>ÙÓàt^£mÞôp'í|HM_2dty¸ÞÆx?Ôa7µ(LÖª	ò>ÌÃü£÷Vdó¹¹ê¢Fl1vIÊõPâápì³OÝ—¹OjÁó™µj*{f×¦=§Ÿœ¿ŽÏ«Ä™l‚ŸZd¶t^\÷ÞJÛð^|A»nÀè9ø7  .úéË÷’
R¢Mm˜²½™Ø=@õ,î`††'ñ§Ì	º	ã…ïH_œÆšç‹tBƒw¼dYÈGhìèðÓÜgƒâãcÝòeÓz’äàøé40žû×fSiº£—´Öd·nJ2ÖÝu£—ê…~m…—†mh=ZT+æòœeÍh–©–Nü+6Uç^Œ¼K.)µ¹“¼ÅôÔü›¿œ¯ÊkŒÛ÷>“·vŽ©ƒTÃÂ¹"Q“¤çn0L—ÓE}/óJ1Ê©ÝÝÏ¯ÎëtK•ImÑN¹ YŽKkPVfwã½qØÌ ‰;3†˜Buº"Ÿ|E°Kù¢G‹Å{¾W6¡ý›'óMAÎPñÃ}…uý~ÝRû&ÑPÈ[°ôPD˜îEØw-Å–V6&±ËD9ˆžeQOY«ßØ<´;æ^¦Ð2†
l„y>n`h³4ãi&gïÇÍi«ë#Èˆ‘LVnUuÝÒ$TUÌWÞ[”VïTœš-sì|H•’õCµÒbBOq~—'¦ÀÝÓ‘Iÿ6tÜžç?yL Ë)EÜšˆÇ!5¯d–[…2£ß*3zßüc8ÀŠe‡P¥îØXbŸ„ßiÜWS÷Þ7‹ÎÏb_e)36ké8„R§óœIS×…Mxÿ%ydîófè?óñ•6h†Ò(D¯7Œþ+ìéÅ\Nºã+ây!³z(‡à¢À¢íÐÚ=yYR9„´©Â`dcíž2ù|E®e”o¼.ª{ÇÕP£ˆÌ¤©\¤’½ÖQHŠûaAµÀ«fÏHÛ—Ôéh¢‚š=‹¦'œÔ”®ÂZ‰]"R‚ÏqZžY“XŒŠñÞ!Œí@ómu£ z¨ò¨|mÔð÷UeBn¦Ûˆ )ÁÔ2V“-&s"—&;K :?ÉLê#ñ]«ƒQ<…
¿…æù•:°‘Bèƒ¦ç#ôQ:É¡lCÆ×ŸÍÜk¶|¼0-ˆ]úˆ¢yZØp“ç íŒ€ˆ`oTr™³ÂPdž•–2æA#ìê†ÒvQ×;¹UeZ†Ô0§É‡Gc¨«éî÷8Yr©Z?Å‰L¹/Ð·rŽÜeš
çûK”ý÷†“®£ÿžÃ y…Wh¹fv ¿Ð‹É}ùå³w6XŒËi´1à8µèAŒ^óÉh‰ù•å5~)nv?!›ê??ýkQ+O 'cF‹ßõ’õ·ÔhÊE÷ÈI	¯A¸j!D¯„…Ä .Pä»zÍ<c.„C×ï¿ÐS®©k]ç/CI}ÚsswÙ?®?9A~îGˆÇ ™Úei*ÀÄÎÑd!ºŒ-«2ZC2©/²¼á¢q¹ÚS€C[çýC&Ñ'„¥Á"_²3’¨ªI7tf‹âwvù6òûbµAñàI÷µæ†j¾1ù—e]_¶.	åUñ
«•ômæ,²_•_dSáô~pëäô{nF¼ÊEW£¾©R#n-ûç…¥¹S$¬á™Å<yoÒ±”»Ø¿gj‰Ekòy×~_ÐÒëÕR14#Þ6%
PxekäPU²	n©ð.0wÓ¿ºÿÂÕ// âfãŸ´{8 âŒ"ò=7[ô=ÂÒ‚ñÑß¯ðïKu ¾ý¨[RÙ-³faô¾sl`ï F@#ïÌ»=Ü”rB	¢-ƒ¨A…¦ßˆ-DããoQ—¼Á#dÌJm""µ
¿[í…á` tÖæMM(Çã×ÑëDßòä^³x¾Cò
Ö³m0yYÙÿ9Ø@dµÿ|Ç÷dWXWTðÃWÙ»]kŠZ7%XØµMOØD,zˆiKƒóÃÕ-üÈeÚ8±2í†Mw]KtoÓˆßãðˆ9F|¯ ñÕ¶ô$q/S* õ7/7¾2Laot?jžKsLE3
ICªèV»w¨íuwk bPÑOö‹/ýC.dÝâp=k¼õ"úû	E¬M—úÛ…$¥Cß³ÅÇk[ñ_µr$˜DÏ
qÏ†Ú5ÞZ;vÄå;†o7¼8ë
½<ƒHÑÚÌX_Õß4gÅ#‘ÉiUªŠÉÃ‰,¶ ZO8´•ó¨ÏIœ@Á‚kß,Œ¸;<
3ƒÃIåNÿ9¤ÃÈZbìÁˆ¬Œ.%n¢k5I?ŠONä¿>Oõ
dŽ	íT³!Bjù@ Äví4š¦1½F¾˜émwì€2v“Âž§Ò<¾Üö·qîîŒ;©N»Ñ…ß(z *,uäª¡^~±Ç¶…·Êe"ÿƒi«Cê…bh ÃMÕ±)WF¢ýn¯Ól)ˆ¦¡qG83ÃD†’ÉÞ;VJÍGÑ–fã+õ¨iëPæaÐoãæÒX#¹ë$ÄÖÅÒ•;½R=&¨Ån\OoEhË¯?'ëËü`6¸ò=Öå§º_|c¶Ò³µ7\%šï9qS!Aº()[èÆ?àÚq…?ÌGóQƒ¢ m@hv¹—&xÜÅòƒl	%žêy‚ïÌ”·?ÿ«ë’güÍ@—Á-äÅ(Çdvš(
®Q	3O%X±z@âRƒ)	G¶í£ÿb¼òdFZà¿æŸâz'ŒËêíã=üÌ}Õ•Y°J{‰Î`â[½Éø·3Ô”ºœ¡Dþ
ÑSË.õ±¹³Š¸mþQ	œ2FJ²¯Š>u_éó“3þp6ÉgŠ‹P«î!F¾yÑggG/±Æ¿¿øÅ½'°I:Ep¡'üÈ;LL¹.‰Ä§Ñc›ÄuŽ:xpT¬©í¢Ì*§VïÁ*DºÈÔ„1°“Yá[lfÐ´wôóõèUFŒ"â+ÛØSê	êk«²5â¶ÁG¥þ©ÄO‹¬ÿìíµ}áƒÂ´»‡¨eÍ“r_Çuˆ>ÜbPlZ×¾”—táÚ7ÞÝÅ1·3^cE@¸(6œÊæƒè©,ÑVDà±>£|n2ÜGaÀì¿ôtÎþyPÌÃV›ÆJÖò)ÇT'
8Þ“¯È—ç³ýŸÑí"Pò€GC ‹ð%ŽÆ
f1œ³õ¥!J6)´œuï Þþé0ãøiad0Òê¶ÆoVp© i~^XD¯ëÐåÂ	¶î#Ž‰‰’ƒÀ…QÙ¼p ³C3ï[8ÿÞfBò™O]+V¯#zqç!{éTð˜4J
•û£Myþs	'gMˆÿ½¾]Ã)½Æ•‘S>ÃESÊmêIB×rü•
-q§Y•7|K>š$oªòõ*5Õmì’sU°¤õ§ÏD77šÅ—?’Ë<QüA-eµâ:BHl›Ç#¦iTíj³£Ãùj¥ªIÆ¦Í’Jkž^.»Úa×åŠKG²„[±r˜à"–1ÔbÃ…”JeÁÃ.<–¼UŸ4pš´ç:üÁf¾¹ÜFrš¸ïDM&a²¨åÊ<SÜæA'œy×Âä·Tº!Ü32.iYš¤°~ØÙ¦±Je5²‘å¨Óê-*-§4Ä	Ý-l÷·fæÛ„uùÓî+î3ŒoFñtXÏaR¾Òìžê8ŒÃ=x‹N;Þìä‘”ðm3\øÌW»ùæ™ßø@·ú»˜]·Ñ—{þVÌxó”…®	žïT9°a£8ŠŒrÝò"¨Á‡š2»‹NÂ#â[‚óX©VèÏI²ÌU	Å	Mfs'!Þyˆ	åÐÁÇ¹,¢âJ–ŽâMkÁŽßøHY—)ÊüŠé—šŸj>!uvº
t…Ž1+MfA1øEè©dê@š™ªê¦vlÎd[p‰Ýª—³0s›@XÔ2ÖŸ’<¸Ùc€#çö3²sÏ£ñœË ‚$Þ²®¬¨Æ)ª¦µAÁˆ3úaêP‘ðŸ=(™õ÷×hÄkqAÁùÏZÉé¸bÐíQq†gßºˆØZ9æ)î<ÄÓvžŒ.O÷1Þ˜ùl
pÙémãš{õþ¹üdùšcé¯K%Ñ$l·”¾ºXÕ=%ª[ÏÉ¼Ór ê@±Oýý¢ô#ÐP&!.Ô·[LREÀŽ…|U!‰}1±Uõ¨csµüñª¹+¢ ìÓ|ŸUÃÏ
%–Ì·:^^·£û
$=£äù¬@!;ú¯8t¾¶\¬¡v?’†|çÀþÀàøZ¿ø·ñž?æ"ŽSÏ<¯>ÿµó9p=‡¼Ñ2Š‰y¼thÙ‹öÚ?î7'Å©fÖ4oìÆqx—¢¸7]ªNMÙ)~õ¯¤°4tpsU`¢Ö¨äƒnnHùäqjt+9¨%‰H›·Î¬ægtêÌÕbˆJõDLm%!Z³€š¾tvÂÿ«wbjú#
'›†…ÄÚ¯ÂÖ÷„€q‚Úú†nî®]ä”F£Õšç6Åæ‹?¨Ö7Ë àÿ#œ‚S]Œ¨}–ó®«dÒølkÂ˜q³ÿ—â‹Y—
º¨äcn\?Ô±_¸W7lÏ6Š5½jÀåÕz‘æÊ[Ý>ö	C×VßooQYfš~·*¼|öÌñ¸×_RË¢Š!.@‘²÷Ú?ä$)¾‘‰³€×B¸×wä|ÆåTÁ¡Rñ€¯L¸0Ä˜œ’r¶ Â!ßâ±¸œÞ\IJ¼Æi…íg?¬íºšŸ(ë-Â:‹Æ<oÍb_þ^yÐï¼D¦c]¥íob|âù›ÞuÆkÙµƒÇ¸î¥ÚyF Tö@0|™Ù0;P_áx`z1”¢¾š’›ëƒKf¦‚Øöî¯áD¤ˆ@ÔAX¯ƒt‘ÛvøôA˜jGKÚ°Ìd‰èë|Y×$¿&ŠLgN`„)JRsü±ð¸È¿:dÌÌ¦îÇÐLhÝêÏÕÒ2DºJ8vþ4[^Ü.Öá˜‘“»ÚÎbÞP¦ºUS•,à°'U—/2l±…Øï»ØdJaâOžMÄN‘Êõƒ^hq¯òÀ5‘½h†R”@±}Rñ§âÇcà!),œA¿ß=ùç‰dpyzò³XŠY~Y!
Cpj;õú“¾mV3RÂcÈDç)$æa±š¾Ÿ®ðŒ…ƒa²	p›ºüçgµ%Ð~ñ+€iö ³ë¶Ó½¯¸ 23¶,¾ûk#ð
3Ö·bwçã±XÁÅºX\šO™!®ffE`GPnq–úÝG~+3–Vg=ª½žÄ"®e¸î^òÕ}Ð?I„ÌCÒ’åPo©žrÕþÿþÝ3FÚ#‹ñ‹Ô¥`*\6–¸5ãpI-£eÎØðÉ[:n‚N§
µŽ^ŸNR2~È)ºÿ± "BOdÑ(ÛïÐSÂI•zÀm+T"(]Q¿æ-â„[xê~@ðe}î_ùÏÑ a('T‰²Eâ¸Ò¤É«ÙIxM	 ÉC¹8˜=–›V%À%X’ñˆR„5D¢brü¡ò@öxuur¤ldnè5ðŒÊ§ŒÃR_Ñ‚¾ËF¸\(^Œ-¼+4IŠµ¸i@ŒËkÓ8…—_ÿéU¢Ÿhú˜k·G«

€€ ±bÑSç29p´=úÝâ¶·ÂÑß¯öž‡Ü6sqU¸¹q(î16ô^Š"žŒ¢(Ñ‘•ç³Ç÷íý¡8¿O[z*Û›|o¡?D¨#§#p¥÷…’I5d=Ê9“ëÅ·ŒK/ºFEòÛe„™&]ž¾ÉEÿ._`³¦X¨”8Ú-†ÓÈ-¸º“ÛC¬±Û@3D<q‚R.F¿Ž,¡°ÔÖ±$´	—Ò¼^ÎþÔ¢íb«`IÜ"`ÍÊÔ”Šk†yÄ|#„ß=5«|^Ï 3¡m”|1ìÈªÚqd´œ"7™(ÎFÙø1]^q!@êÃ2j‰„E«[áU"utè63,âÚu=V‚	P¨²†M«´‘Ýí	IWV\ŸûÅü60p8Æp¸×Ù;ïÀ48¨ûˆÌ>P}ãq™mù™I±ÀåÈÀOtGû¼åFÙýyøßx×ûYíÃ*ïªŽÀeGp\G°Hoì%x
#
®¸Ð±HÃŒ…Î?<ÔðUykµ“Z¤]ú]æ
À9Om)¢ÝÅ1«Šeõg©$¼šSÊë9µ¹’ºÿ`}OÄ?”ïnÝ!2tKQ¤]Ûé¸ô†$Š6uúgÁÑrŽ‡VŠñ¸"ï“ÿö@ÂìÃ)—òæ¼dŽ€@÷¡S"E±tMkÔ“Ã_pßð³ì¦$Ì+ÒÁ¯•âžùÔM©zÒ–jK‹ˆ#æ²YÆFK6óNyÄ@á¨6,o…5‚&5ß™TGHJ&Ê'¯Ó±È)Õ¹{Êš>~óV{Ë
Åi¢pk'<DZMôò7R)»Š†-ÈìòT8!-¥O»7´!Û<û: C
O1lu™ˆ§´«¬±K ×¾Ìoòˆ¬´¢BX¼Sé5óV
,ä,‰O<>L®Ö¨|â~ìÍz‹RXíšâ/
-fúmFâõ
Ù<êùã!ÿ“µmÎ€âëõÞ|ØÌsõtè\ÐÚ0ï®»½zÊ¢LˆŠ©ÿUMc¬™&–†rAÎcNLìÕÈ·—×FÝ¼Ð•CD¸BªOí×%Œñå½ˆž[ÿ?ôÏŽ?qªíá®ýº¨ýï\Rô-8Ò÷Mß‡Z
!N&ÓíÐ.ã:ÍQÁC™Ci—#[Ì…˜ùÌæ2+käRä+›í"3t!îG/Gé±YYöùû3™ÊB”ƒø4,â×Î¢OßÚ¾§\×ÜÙ8t"pÌkÖ×
Â}¢ÙŒul2ƒA]
ù&“Iªa$«K¹&¢h†å2òZh"ÊË¶0Å7(ÙÖZ^ò¢I>ò·”{ù¹ý8)Ë™²!I8bø>™öÄø¦j¯Þìž£<å;Ä]5àËÏ‡WÆßÁ‡ÖÈkxÏý‚®¨ÉæìøNëç;)q:p³°Õ§á„«M.Je =cv¼=ÏËGì2¸Äª¹>1É†îŸxžyüó_G4zÚ£ñR}¾b±lÒîÒ°û(ðDz¨l1•¹'%T—¨š¤ÜîëŒv¹¥Qˆž|\Ê¥„¨TÂéî è£+Õ+óÝ%Ýø/oâ*†ò2ž.W(Áczä†Hù´(h*aZîÄš!ÉNg'¬³ƒÜtßh’Z'©—üË|ÑùåuèýƒPŸy?ü8up¢¢$o/lædõE[@6·Ñof¶ô]—ô:Oˆ~Œ”Œ™ùî) åã‹|O®ò¯Iâö´J|$›X–W-MÄ›:Â JñÔöQâ»¦mØ0éIççõœ°q¡Æ›ß¸g±HêÎë‚{XµøÄ|ôD6Ü¶+µD7!;L
ÿ‚0pNÖÍVm“ìòDkÙ,”ÕO…b>ËùnQhúIC½”ó±û‘œsÈ´8‡€ÇbñA˜Ä€UìjL¼"ÀØÚE`dÁ-r¨pŽÃöµ›žöwãC’ÜªÂWgºääofÍêÕîžj
3ŒJOßÎ”*³F‚§=8ÏÙy—3.à4Í=…Ë†Û¤í EgsÏÕ…iç°’&
Y3ë\4Û‘Sq÷š&×xyPÄÅ†#E½‰¡Š«Lž¨º:`ÅLW%%îv«!{›Ë¤ùH†ºvƒ<4ª.Tˆü¼?jå/ãlH©{9ó~DÅ£Óz†“ª‘ÿ8[’qê`D9ýù9Œ¼àjŸºÇ$âpŸ<,yìEð¿ÔQéÌ°Ê`™¦p
í(íñ¥Þ$šÙ‡Å±•À,ÅéV¦˜ò²De1¤KÅâo‰p31¿GgM‡Ê±6ñšÒˆÒ}/Fg[g0Ý³”Î‹€e4ó‚˜TB**UÑV€Î’hH›	8\/.Ò¥íª/eÅèU9ç¼,F#—„ÆÖGä³zIEEÊ•=\W¿'Ý<Ãè¨K°1X=ˆ?“IËøñaoÓHŠ7²æ5•Ò¿u£S€ÂÈˆ±_S^9tŠY~z¤héÉÎ¿wßJ›G'W(ûØùX©™2ûÃÂ}É™GÑ§ðè÷³qÂ¨8ÈV.ŽÅAÎÅÜ½°üN—üøÊÔ~FÉ¦l@†o ãã8½q0çMâ©^¡Ö[@òÿ10É1
ÉÛ²…/ !Z,hžGØ¶¢AÜcO³	‡g½P[ÃÂ¥µr>ýÞ_CSÂsÖÚ¸ËµŽ9Û¿²+zÝ ^“¤ñd±¹t@ó%½½˜^Ù)šòÇšžóÝø\›´Òø;F/ÚŒ®Øy·…;Rnž&dg§’Çã/÷ï
'öX—N¢zgdœ]=pù.ôr/€×eM¾ºêò¸|úéIÜ!¸çý´%L
G‹%/ÀÕØ(ò¦ÔÙ\>;Mi~-Â0
§d‰N»Á
PS²è6-ùaÌ;D‰;r&6Ò“ËÓÓ)¹q'7ÂGV	3p—ù~ËFX¢›`ÕÃê%ÒÖjG´¬E|<Äÿ°—Àª“cYðXE½jo¤êá©IÌsö¸¾UXD¥ÝÕŽX¦W©%¦.âª,Kˆ5¦¬È±óõ`!°`ç3N4w/4¼AqÍq&RWW‰–Ô#"·âžYp¸4v·—f™=nU3â0ØHOlO»ñqÿ¥x6;õr³}…Çè¸¸í]_]êO4GSC’'À¡¥ïÓö¥e[§R/0ÉŸ9Ñƒ[íKf÷DrÁÎó_½¼kÏZ/•×*¤BÚ!k]™{Ë¨jƒæªè1w(x:ÜZ§ÿë»'¿!6w(DNÌì·æ',«…"Å,Ãã›‘¨é¨+±“Õt¬d`]³àºHê(hÖŒ&È‘”s©ÍÁ¬iöxŒ2k +£aEÜNà3z±^@“îŠ‡3YÈ mLÛY¸œÖ¶u•\-«ZzÖÃ-!ß¢7èý?`bšôjh åÉ²’•
‰Jq^E9Ïèd8eHŒ£]fÓåëü äŒN ÷ï:þ6Èp†N®^Uò rm´GIfbLB*8{<ÓTVy'Áwß¥·ÂCHÒŸ¡Ï7‚š
 F32À‘@)g¶ÈÕ•¬f}Æä|ÆVÊ4fdÄ3JBÌ>£¤mà²ÙÉÕ„ÇyÔ†MfcÖpè3Ó<‚ ¤Þ¾ŸÒƒÿ3G¤ÈÇÃAÀäeÉog8JxÌ‚Ö&DkÊÃÜélvý±ÉXˆHƒµ<mN“G•›Œ±!,œÛiƒw™P¦"âpÿ[@Åß!Únº‹Ý%(¼ÁÅÊ-e£üˆvEÃ™[jô³"ŠUa†“é‹Û:~'K¬,¸Ð/ŽUôÕ°êŒRlà¢!(aµqª®DuH}I¢]Q¾¶ÂDÃ¼y‡P¤ˆ±à±‡HmL•ÖØ#‹juTÐ'º¼cÃÚQ²ëK"ŽÏ/¸…ÒÛÆUê1ËØÌØÅIö¾ðæÜ&Ÿ/ªŠíÜÏè9à¶†ÃƒëI“gñ0o¯³‹›ÇkŠn"Z¼ëÂ×g?Äõ’†”ìÞêf
2ºv K‹-ÔöPi®B*e%ywöD$íÕ«"E„…M>šˆm‘¸:œ˜ìè"å€5ÿ;Ó‡BL¦ÓôÑ<ë¡“
n¾Z>q4æÖ˜þŸïŒç–ž¢/Vù6GF§fW¯Ý×˜MYPb%év Á
NýÄ¨¼hû;È!ä\ªÙañf“æaû2›¡ËåÓž>1|"áÔ¥âþqG8‹NlûåÉ®«ÁÉf!?ÐÚ¾ákcÉ{[Öe#S–4!~aÎÌñØõšÚ~ÂÅ}û\OYóéìqjÜi-mÞ‘7¢FR³7yÁ›ã\½¶#å¤\!KBohÑcÐ¦¤ÛŒ~¥;à*?èU#æ|d‘“¨
FÌ†G¿²ãnÁxW›ðqhùLrÓÕ¼öY5áj_gËYSÒymEÝÀSÆ|p$†ÿº9<”ò˜Û‰¸¶ZúÜÿÓd|¾ØIÊvšWÌ5D,¨FdâÑêG^‰úm8Jº-KLKÚ-†nú–H•~e3è scN9kr‘ZÒ\æÉ„™rŒ*µò¶‰*çà´UlçÄ}ŠáþÉO™áÎlÃ5kLÀ¼|ySÈ:ƒÍM$8PüQ‘‚#¨ºWÛQ÷=¥,ÒI}+QµÕÒÙ½ÂÀÓV·zÆ[ìYY£
‚|§¾›„ÈAÊÁT™Œ²hÉƒ£2Üçâ±eÇÃë÷4üD‚²p"z›Ò+cmh¾ÎhˆØèƒ‰ß’¨ÐÇÞ¥‘&Ïq
“gÚØ©;ÃQhÅ¯>ÒÝpâk÷ÙÕè³àÌ†¢¢{Ó›1+–X"*•¶áÞðüÌª³ï©µÏ—ìhMØ ´„ØèFÎyK-Ç_¬VÛäWÝ¯“_ë‘ÅîËsr°Ò”äÙÕ½ùâ\LQ†}Î-Ñ'ÂéÓøˆFÙÚ1dæfh©WW¦-[Ín—Ž
µ$“D
¨Ý¼P`iÿ–Ã>!I‘è&.«'WÕ¢3¸!B¤.êêÌý4dyøR+tûƒ{vG	tš«¯ÓR"F®—E
&=
~a±Ì°aŽ4ZÆLÍ4µÂÂ^3o³´HöØKrÑ‰.xGÁtÔ/#Fé%:;UOIg#O„©¨YJøy"§Ë(…‘‡OxµÞâ	Xeë/Ú8ÁtåšlsC‰rªsÏv?k@€È½«
£b¨·öñëX‹0ƒ»HO6 -@~1×²)%M@áoôdƒ†•9ª–°õ&˜ÀL`	'0‚üL#½#¶dÇÇÕ‡±¼ƒàÀå¸nXjD5²n20nÒ
ÂD- Z€ë…×¢UKÑê7Ü¯`ê`DÅ°Ÿkd9z‘ýZ,]ÊNdo²e5^q
²˜~(úOS—‡îâI›u~2_TÜÝ"`Pê·æÑúòMržŠÝ4´"Å‡>>Ë¾JÖc.:Î-ü88¢ÌnÁÞRVZ·—&Hß³H.`ô‡©[’”IuÕ´iâôìˆx³‘µ6ÆCkZXê%cj4»DK²Ùp}ÞÏÅ©Šƒh=¼.,=º2³¼–pØB‹´ÕmVRÙ…†EX’`Dª£–|Èè¯ˆU3«Á±UuYè‚²ÎßœU¨¹´	ÖÌP!ë±F¶ÃVR'á×¢V]¤+N| Zkü”p‹V÷]~7o£$ý˜ïìŠÙæR3<ú”!Iqƒ$Ž¾hÖûs\L9T8Ã²ŠpÍÌò:¬ü¥…æ.WïŽt^Pi–<?£„_ìÏT¸·A3j¢.?Ô2¦8¦Š´“ÈÓ.‚r…êü¨ÂVýF¤‡¾R±>”<*Ù°Ð¢ŽçVRa®ˆ¤˜ñ‹2CBâqQmh.mí®wòc®ÆiõNæd–ë4z
u&9Eµ‘·ê'r™U’l2K\Zj»:Z4¦Qú9p-½iœù>5¾€,/¥oV›·$£¡N™ÜÎˆ×È0"âhÑ)ojHôR;m*Cñå`-åjÑnD´"/¬˜6Í=9WeÔs…1-©'iEwi{WqÂ³b9MIš„U³vNBÆ»Â[Í30²Z8ªƒlº«°-¥q.¸yî¹^¨,e·Ï³
ÿÒTl0[xÉ)sûˆ
»Ý0 äÎäå™Ýà‰j<*Œ¨[ÐØYY83n;Ò¦Ñ;!œšÓE: 'ŒZ¾-"œºŒËÙû8E0h 5o÷3§8ØóY»\1ã¶8« ~¥sJí„CŠàš¨™·Ô¤¤·ÄÉ0vwAogv¦Zœ9ÖŠj¨×š¹BL‹ÿ¼·±˜/xÒjÚ+ÿoŒY5B)~pŸ²É3îV¦#¹+£†CIÙ&èŒXÀ…æ5BÌš*Œíµ8‹Ò¨ŽõÎô»ËÛ"º"LƒÃ%šnÌ‹Ÿ E¹ß#¦é—X@»ºã,D8‰q{Â=Î2NGI|µ¸`“qµñYàÉËMå^ÑPærÆíõw‹ápš]I
I¾ŸàS’
*ËbÁi7’’Åëa‘»èeQ¨,sƒŠXfyJd(GkÆ¥Ã¢¢-ân«Döþ¤éÑÉ¶´Šð„
¿)-c,U†ÈîD3™/r~m:ìð—È×Œ*²Hñêî)z•êä¸ï|µ4YWK†¸À®—ü'ƒ´ªB€ºÇšº-€ª™ãÆà®N-…vg[VJÐ¸J™3ÑEH)\Çxw”K–ÑU·–šjB%‘ê3^\Ü¢ö9k:Gç¾IÜFÖØ@&2Ñr–Šv¢âÍ¿úuºm“:-Þ¦gÎW°¥†À´Îè/Nñw§—‚a“GFÞâ"*ÈÈf	,ÃN7}²;©ª¹ó@òÍØ<]ôÊi.ñìT¹u³™i8X…E=eëŒ’%aÔOAÀpZÅy’ò&K%dNó5*À¦³HXŸYÍyK{S’¤GÌÊ#+ˆ+6.9ó3Ê–9ÆÓ¿œ†m%X^ª¹	rWGZZ™˜‰Ã:œµRd#vGœùq£#€~nu]1”·ËoJ¦»W#6ðK<Iq&„–áòª-vYÁ7$‚ryÝ
„„{rs:>{1k“~$0ºÒ‘"3åÇPÆ(óâ¿0\µú….§¹…££s-Të;@*F¿ÕŸ®’ìn*±¸™¸gZjG§†Š8ÄÀ]¤LæWÏ*L
|t–”´°¬ŒÖª:‹c¯ —¾æ\Î±ú`ôá±¶¸™X:xK7˜(kz½5¬aÊ˜;kI4‹yeëµDÞi	¦}l²†÷£
¯O?»†cåRš¦,B*êãE6µálò)ÒÐ¦™ÿ/¶|Ç•ä
U&ÅV/rjV5¦Ì"µàöÐð„„—¹GÜæ«–&4V¢äòx¤‰ZØ^î®×9è^.Pç»²+×
†v'[j•GÓ£'Ó´®ôÂp1qfån¡d$Cðëi* fÒŠF‡Û‹Ðc®éÄásf›OÐTª³Jõ?˜Oousq	‡‚pŒ¸D¨Xun–k'yZ²å‰®G7²øKSJ(± r;IPlké‰ƒ«l>[Ì·WmvX±.ç‘Õ÷¤øqÓQ[‹òD-	uß½"¦JËàì
™ÌÏm²ißUª
Il1$Þ\`¬É33„
DŠ|Wr.Q\	.fkqŒ²éÓ¬rõ,µ%àñpwÔb6G÷*ÔÃ÷ÌuÒØ6Ìv:¼èöm7vQ¨rÝVñÆÏ}>¹`ZF•€²=™ž;¡Ÿb§U	B=-$šÇJ?Ü+}½L"Ü‘Ê#'ßísTc?JtEþ4¸¬’ê•€1FH’h}³¨0]ÑïWÑø€µ!Œ
ÝÎ*Ög§h€Ti„î.Ò”);u,Ù`¢1×€øTäò‹è¶9¡{uiÚLå¸Šè0e‹	ºpë)N\6ÍûýÞm}<Ü¡ê:!’Œ"\Ñ m@%òXM“¢Å-ÝÔv93·tÎúsMÃi&µ–ÃîYOc'ƒ¥§ébê÷]‘¯©©Þó„J+Òôvl~S]6æ.\h”!Ï¦ÙÊ‡ûÑ%…£CªU¢Æ5ùB²\ÚÎÏÿæN:mÝÛ*¤îCÎ·r±øØâ£X‰ºLJD
áÞ:#!·1SªêVƒë¥å93˜7’Wáõ4°±_¶5ü‘%ØÒQ’˜‡Ú ãXÒû†.[ç/l\WA;89ˆr(´ñe´ò¥D”‹ôy8–>·ÒðL=®g³ÁxÝb`˜1•KÔC§¢—¸,-¨eÁ º¯R8è˜Ì2r-ßª½Tà#KV´CŒ¶µÇ[&Ç£Ó®ËP%%wí<›…- …ïzI.›žHáM)£\§|e7×²ØÂHMÑ¼-\Û&¼pÚ¹vâÎ™)¼<`
%áUX>¥g«µ127LÖìóTR†Á]k™|Ne[•ËÂ€`
´Oä·ZdœZÄÊ™2Õ“°ÑíŽõ
æéHÐ#¥ä	Î†Å<¢˜Œ—yaälZ`x·²–)K+F‹ iåuð¯ª7Æež'r‘NªcÍ]Qbíæ´Ã·t)Œñ²}0æ
o>xq|³çì_¯‘’o³¸×ÑKÉ9îy¥ŸQ»OîP\Ë]Ä¦ã7	ØWm‡åØj¬xØ+Ìë©š;ÄÉµ…ŸŽzÖ}ô‚Š‘#§
—Æ%ZÁ"…ªQPMSRn“øª~â}ïâ$,Ô¢4Oyv> Û>°[Õëd™–°Œ™PæàÖg?‰…‹#©$´ðß›:U%Ú¶ŽgY©ÂÅ:£Wš
q6+ÔÂ1™Œ›AµÔb˜å-É·Œ8$Ë£–¹Ùu[*åM³NYÛÇîQ4©J`‹–JbäÝú·gR©Òš2!Ëôƒ‘Q³ƒ1ÔB²$ØáúžÂ^57Ì..…|’!H-EWXËÌÀ¹æ¤£#t5Ú Ú#×FOîç•ª†hNw{wEKi: ¨#¡ƒP~M€I5¾¹Á¶£<Ôä$jbPhhC8ïÿMvÍ’h.uÈ_
]T±LÚfX9tß]fãìØ8ÔúÉÀÜÝ·dHÿŒŸ_µ°mþêEEÐ€Ázný´ hPç‹úÊ"ÿöª	QEíù·Ù–R)¤ûþ“‡ùÚKêÆ™]_šÿŸÌÙÆ~tÿ«ß?ðÀÔOª[.~û¬ç†Ýy8R³¦*àþ'¢ècßÓÝÿFÄ¿V	ÔÑ4°ÃMOÕÑ§)«úµÞî×Ñ&†ƒ¾zBmL¯%únWÌû©‰¡’ÝÌâNVgÿ|ãïnJö‰¯Az¬#ÌR</q'Ê°ù6ýc&ó±ûPžc[O×JÖ¢ÿŽgãŸ;z–ºn'EW¤_Ñãy¡;áýŠÏoœ¢srP·’˜ç³ÕxÎâNßÓò[iô[
‚…lÙL¤îõd·ý}sœŸýÙ3$"L|(ºÚk±œ‡ð”Æ[áò÷Ä–IÀaÖñÞ—‹Ùß6Ç¿ù¶‚®N~tÔyœßüDxúGFßÙ!müþ]Ìo!2ñN®“ÛŸ«±î·NxïãÝ•â$Jç‘Öù7„rÜïñ'<r~úß0»}óâ¾Ú2--”† ÿ~½œýSt=«ø×ðêÈlv]pDÙûgDßû‰(~Iœ…¨ãQ@7.f©b”†!uø¯ƒÇÙo¼ñ¢‡êö)~V¹Ç¡…ç‹ãì•¢søkÇ¿G÷ëYµ¾çÇù7¿So$Ëþi9;ç÷‹cKò ]~ç½¹>
?Wÿ… ‡æóÔúØwy„Oí!fì} ?é=Zú·@G›ŸÂÜ{Ÿ&qû‘/—ëäÕØ÷6)éÞ÷Ä®Õâ÷ZÍCú@þ»-Ù PBë÷Ô–µ(vÓÈ‰Ýûÿ¹H>ÒÚÈ 	?†þÉ]ó˜‹£Tëš¥zÈ³Ô·µy¯œÐOºí?=öÐÖ½¾þÛ±K³#³Å}tÚ{tÝvÂ´„^/=ÚN<_K€›{‹Ç ”Ô>rö«Ï YÚ•oÚ[‡ûULzº·Ú]Ù{âDÕwÕ9åŸ;z(AÙÂ·ÙÚ¹Í%õ «Þ]ŸªSoùÐ‘ç7<›‰‹ ¬×ÿ#ñ
½÷hiƒv¶e°ÏßËœ’	¾gÇÎ“wëÕzŠ³»X@ÝÛXïÝÏó¶èP<7;K{¶‘uÇw¥nÕwîì×ƒF*®uç¼ûØåæß¿dÊüÝ†Úh>
O×š4ûê6ûÖ“®G¢oD;Â·[hèwwy ~éë0jÕÄ}â¿Û5ïÖwt=²æYOâ–BµyºîžkA»V¯°\`ëÛëAtÞ'ùÿHþµ}Ûsï›·ZÌž~Àiî²guÛõh'ïÑô^<ñ¼{½õ‚ë÷
õ×¼	þ½>vÎ÷Ü:8Bt\ ãõ^ÝìÑq¢Û@ÝËìßÀ{Û¶TßÐzoFþþ-isÚÁŽº¼÷É‰|o¼¹ìËÜÔ ˜dþ<»Añ:›óŸh.æÕüõÚ¦·×‡ø¾%'ýÉBòw…æ{>Þ«ï‘þ‹Cœ=Ôì›¼½
4Ô…Ým'"o‡x·ûg î‡ku4×?½–z=o.°_ý¾Þ\ž¨'|	ÍYìÁÞw,:ëëÚœÀ=uüÏ¾§öïnUo}sà»üo>*'æö~ï8¯p¿~uñ¤›æ›©ý;h^¬´ÅOÚ@¹Î¼×Oèîb{ñÔzÖ}·G´»
zm`O¾ÇÛøÄÝ=ôOÏçz´œx;–Fwè6à×Ü×7šGÍÞøÍ‚áæÁ×({Pœ®·\G#@gñ´ç^³&íz5µac›Ýì1¼úÆhK‘÷x95µ@©àø·9o–/éÇûO/÷m‡/ø	¾àã–o[7¯÷üŸ¾…{kú6î:ÔÊ
ê£½Ïì¸çîD¤}äŸ³¹‡Þ—ï–»ñÚ¼ÕñjmØä{oÜzþBÓïx6P½{!ží0wª;j.í|çÛdß9ìaH_¾¥©'>‚ÕxÓµZÅû âa÷O_”¤EÙwAáÛ¿ïŸ—m8ÿqñ^<±xïÒ†Ì¯÷ìZñò[Z}ë‡ìeˆÚíèôóuëÕ\hÇ1òÚ>.1×}VŸ³lËóƒÈã.÷ØÃ³ ÀžoùŸ´XyžÍÔVš×gä7ªOø
Ÿ¸•³’)Àû›™öUï—¿ÛÃ!Ã¬'ÿvÀ7?½7ï;Ï;:<WÕò(Å)Žb³o¼Ã x<ÚOØÒ
-$ƒ¿
ª/þsf®ÿî-l–¾ãñÑýù¯Ê¿iñùY’xÂo‘7ßuíïæn÷Ö<N7ww·Ím{7×ƒxòýï×Š¸'©ÏnïžwÐ"´y?¼“àÇ}Ùœñî|_´cÊ#ÌìJ;ð¹…bžÍiösP;^â³ëÀû~u¼A +ûñ£ÝÓñðsÙž½ó{’ïîx[?•ƒÑŽ*áÖãX»øö6öQkÇŠg<ÎöêÕƒó¬~æøŽ%í·cº§{´ÒÓ¶×ø[¥ö|PUŸøÇâ'ÖÖÕÏÁ°°O›0ÈÔ±’Þç:Ëo9Ö9ßÎtôß_{ù9‘ì‹ý°~’Š÷ñeÿ\ÕŸÿ/‡kþôû'ˆ.üñ1´OP±¨Rh¢^5½ÿËÉ´wÝ|‹µ]ûøåNŽÔTrþG:Ë/=ãœç7Cô[…Míqr“ø$~¥šæÝ>YÓ¹t¦¶zóõBqaÎÈO{á,9JCÎ¯0(ú=°‡S½j’¯{Àê,~åÑ«>'ü`dÁ>‡”¿çü´/†Š4BŽìÿÀ³s•ŠŸ¿W6±6¾Ø‚©µÒwÇ4×Á\ŸØÔÓ‰Ì²÷Ïêg¬Ë¼øºþÎ—³ß‹ëkT„^?‘šŽé‹AâÊSR7reÿPžœ·1k~4DÙ|.Àáöæ6>oÑšû‰Ãò)þG8ËO¡¿a‰Ÿ«ž	w7œU©°dËh9ì§˜@•žÄ*[›‰	ˆ	H§Gäo†%áé‘…ŸøãwDc]þ}U	lÅÿˆuNÄé|¥à‰NìQ`o¬Y=ýWÙqÿRèìo§ð/WZï¸Fôžè'2ý¬‰Îóß"9é?Úçb)Ñò´¬VÕWçdÀG‰ÖžÖR;àýËK„Ï85šjÝÆx?òósY¢ÏIo\õb•±öé.(>%t{ oYÞXð§^â|vÞ§ç«8Ç@/@ÑªçÑ©UÿèK±½Ø1eyƒÚdÖËçDPçª¯µÇúÏËÐÓý§¯fë3]y•ÂJ€ÏDh“¾-Ëµ›ODRýª7c³((ÊS¢þüKx¥<6O„Ò¹¨ôñ*aA³çr·§‘béwSúÿÜýGíÖÚr¯œÔ¢ù”@«ÏëÃ*òd0}·JÌOg	3	iÍT"ø<PÚW•ÀÕë|‚šúX%qõÆº—B¨<%–']„æJ´ót8}ÇJ“OÄÓ¥ã]ôXè³õ×)%We¬•ÿåb¡êçÎõ¢}`¢Vœ|xò©ÿ¶@?ÕPžÂj»~CÞ1Äéú³§tË?‰¯ŸŸÕvŸ½ÄoˆaÕ!hÇ§R:®÷ö#ï&æäBïZ®ÎÔýmÎájÝèCŽßÜL9ãÕû¨‰öð— öô±ÿ(êdìHéåòiñŸºš±Rkç“ßYÕ\ôª)ç›õŸeR½«&únÁ‚Tìož}œäÕh5ß¼59¬«ÁöZ©Óªb¿æFÍù¬TSý-ñÎwîÂ€sÊ»ý5îÎï8;÷?µéúídBjCŸçþmþiØìw?	¹‘›¹	›	’(¹“›¹	›8	”H¹•›¹	›XÑ°ÜèMn¢&ZÂå^næ&n&bBæFos714Qs£7½‰M „ÍÜÜÎMÜMä„ÎìÜÏMÜMô„Ï*þ×\E;àvöu¹zûvºwŽoÿÞÿÛW'Þºqæn4g='N…k9k9ñŽ9Ÿ³“k¬ñ9;9³þ&^Mç¬äÄºùœÎ×NÖôÄkÒœõœø¡¯YHÖiÄk$Òš54ñ}‹Ngl'koâ5 iÎºWqøµÞ¤è¾ ò·^G_)EsÖôPU] uUS3E"`»oxžþp'œCõÝ—{ïî½eç^AQ¯QPvUp½÷òîå¹ÝY—ßkHLíhBbHmÃíb!‚mH°†ÖÛ,¥4š-ëbI`6´”²˜†iºÀ‚ÀÌ ßÒÞÿ—cwãÝ®¤é"JZ£fëHjRñã³Ü²X¬¡yÁ[±ÝLýú:ZœveÔ¥¶îöäÈ-îí“”Gcì©%Kn•–räMddqQíÝÄyVÛ$áWô)ÀhÌÑ€öBÜÝÙ¹ºÖ’íØÁ¥šlÙ
#Gd¶Û;w$b„Ø„1B#€BõOHõßƒ_Å„cdŒ:gtQ¸ÅÐ	øcÅ.Ø5CÎâ9apè+î{%!ü(=P’…`Sb7rS”ò°vª8Ç‘9ÃÎ
Ãä2ÖQtÅ"[
R 1Eu¡¹:CHD˜då!µ}£…ä:lJ¤¼†7ä°ãÝºlœ6 Ó•ŽûJÈˆ’ ,e7s2]5Û™-©XÚ+H¹r&ÞW Þ]öÀ‚4<4sG”¢Ò&Š²êv/6È©RÒî[~Ñãö\Î©C¹_$À<¦³[$¨”'
½U5.ºíÜ&Š9õ÷íD“Þ¹ ’t*x”TÈTG$	©‡Ò1ÆxÐcÍíÀVbÁž,hbä.«•·-D§
…JÏÃúÜ8è°œJx3S÷š^¹eÍ©NyLËS_q?Ë\	Ú(Ó`¨1bü1©!:×€¢Ê‰Ì˜¨Nî³w®RØÊÌ¦e(yÍ)Ž4—mŠeä¢—9*¡2«¢&ycL<%éÍ±W"Õ#A¡Ez¤EÎãr
“cM+ÓûP¡e•™1Q¼¬œcÄÓXÎjCv¬ãt+él£â\î˜¬FŠ.o[‘Y5“§Òãéÿyr³‡+¶å`<ªe´ ¡ö*¥JF“"ŠŸ¸È,‰šä€ì±È‹i\F9³&®1\õÿXê…1‰kL6dŸâŠÉè‘â9Qh³óñœ?Yu‰àe˜þi,²~ñBÂDY8ê™ÃÂïÊuËv‚¹ÝþëtÄ#ÌÑks³h;¹	@•¨<hJÙþspR JILi|«m7¸*¥ŽT`Ú¢ëJÆ7É¼Í«	Ìº'w–{r,\T’ ð0£÷e’g
A0ÁÂN¬á™YX5‘§Ì“!KÕÈË  ñ?=Wéé€<J6mntttZÃÈ¬‰šÉSsäu
NTSšTIñ{™±Ù$´ÓvPlZyÔ¯fblÅ*VÚÕÉ”¬
A 7sS g#›¦Ee|?ØÇÛccIùZsšU‰ÝÉu›‘¶ÌoUu¥’°ørŽÅ:žŒƒuªª³64%ok'Ø3aâ5“§šµê 5a§µ“\š˜èDMä©fí<¤M˜ªDçäîæ3NÔ¨1šygÚ€÷ì1‘¿¨MÐ9;UFnV«37a
›“§›µê¬"³%j'O8k²ë5aäÉ÷°;ãpÑe'Šd1G¤“³ú;§[¿%tfeÔDwL@'S¸žYŽ‡"×î6¼pÙ¢Ir *‚ÌÉ¦¶9óõ$5h[î˜lsÏú7jsñ˜ÔŸÇô_âÀÍ¥:ðác÷xØ¶®rïªêj°1BQíäØ8Seî¨Çeä²üLkêÖÈÔMäÆDkö~:R[LÇExœãGõ'Xà5šLR3–3_òpìkÎP&j“;†›d ÄWÖûà×f>ÅC8XSÕGßqP°kçp&j³;:Yu¤îc)‰ó±¾õ•ÐüçÙ)Pf.žiˆã&c¢5{™¥¨u€SŽ÷y1š'ôi2Æ:Eã—îjš¸Æ"³%j'O6‘¢¡nVøÖÞ¦‘7SÍïaRÖ°*LƒšDÝ£URá;”øÃR³šMi;Nùºk¡sºlD3ÕiQ®ŒBëQ¼1XŸ¤tÒ2d¾%rP ’ˆÑ\Ð~¥1É¯¡Â°®„È¬‰šÅS&=D¨Mv¨½g$ôÚ¤ÈÅÖžN.™â7WÅd–DMä©·ì¢dæ²4º%CÆ?½Îü@‹•±?£`}ÉØå@¼¨	î˜eÍómfY±uÊqåAºš¨"œ&M’ hrtÔyÕh~DMäª˜è!7¦˜B;=™Î§Wª$X¢“\í½@Ý1ÕÑ‚DMä©®ìÅ²
Õ÷Æ„~55îìb«±HŸr>2ˆêc—@¹¨	\•ï0[v¯Z‚>InƒÚdþY#›48‚KÉ˜5Õôl?0%jAO{'ÁíÖÐâøÝ;ÒÖjª_¢ÑkKÓ;¤u„"³Äj"W%I'>?“RÚµ}¹5¤ÓeD·ƒ˜$E>:«Ëiü!j57™1Qž¼ÔEã9”jJþÒ›PPèhJÂÈÌIE•R‹nÂ<”m¡c¢®y±Î`~M?,ßñçã³]q	â}Ò\SÞ¸%÷×‰Ÿ!¢$
=dc#ÖÃ?,!Ö˜Ûm™±ƒmr°þåê°«x»$Hb!06ÀºÉæÌsð‰ü‡¡Çù,ý,è"nBÄ…%ö±¸|à³¤1 \Çý?s¥zûJY”ŒütKöþ¨²9®yqÙÉtxxM2Å‰†ä¦~‘Änœ×ÏÃŸqÐ”¡•!ËñPì~-?Æ[Ë´¹KPs³W@!ÞCÚ|¿Iß_Œ§s¿+úªU¹ug€ïþ\W&@>ë3ˆ›’¡!4%!•5áQ¡ó[¯Õ88¸ÈŒÍ5Xƒº"ËóêHºˆÈbºe7Hyìw/GÓ,t{\‘6dúL—‰¡[˜ÀL_Z‚RxO[2¡¤fpÆ–‘UÊDpüg'³®ºŽõ=/ƒmOÉ˜µÏ«£–ùá¢ûýè†öV0¿ÆÂäRÇŸÍáYSH•,]¦IeÜœ‹g"fWcÙ‡»/C) á32'6„é17Om,<žÝ#"¡MW¶ž2Ë""Mläó²WYñ5Ó¡`Ú|ÙKììšª+Ã+ö‚…1£E3â,)‡µ¡k˜+ž+p˜WKÛ6µ}ž/Xœ·ƒ…¡²_ÙÝ
™Ü±™Ž¬‚D,Œ3Í”2Có¸(ž·ðœˆŸùÚ1L)v]òèK»ö¯ìéhÄ¥?í3Òh8ÛŸi°j6Í†Tô™”PdÛÏ§‘§ºi$¥Ï4<î2Ó4<¤çi”ÎšÑx5£FùQ¿¦¦¾TÍö	ÍàÛw4#æå¸ôvæ§—QL×^Î~Í(ñ=Í¯Ô×¨4«s–i¦7®Åà
õC°°cžŒËZ6éÅIô5ƒWþ4ÃäåKÎ9mü_3ÌMM3Q_ñ‹a‡ó‹fSÚ}Å®-Šk®Üí+YsE
5ZÊú}á)5Z/ðgÌ¯|Z‚ZìYò4ÑwlœÜ×WêæÚ±»^ô×b–îìºÖáêÌyv×ëµ˜°ùœQ§‘3ugMêNf.®I9¾¨_ï¢|þ”/F"rµ±¿üýÊÇhŒžî½~ÌáÔ;¤_/üWúûÊº˜Ë&ks<tZ-ï~1^ÄÈZ$¹"9'ÒÅ´—ëœ
C´ö'å™³ý¨¸Wºz±’™†ÿ_Y%í9òž±ÇD¹™D¥-F®œ£¡ö}_º;žœñKKœéùôæ6gˆAñ—¯Å4¡TîZWâSH„çþÙ)VØYuåáfK=
fë.#®ˆQë©ñm×O-òœ½´dÑÅA^ðŒËl@Y\d0žÜ_þâ—þ*˜L‹YV¡¼?WW}òœ"u Îûx……èŠäZÿcëƒPŸLé”]mE”ª8Wv¾“@Ÿ¬¥F9ÉwºK^ëeEEÄºGë8lÑÂ‚ÕÂÉBÑ6h$´¿5ßÍDG"tàrJ¬@e‘ïÑÞhEVNh1¬8ÏrTdºò•µÐmo‹¨=
;»¢ŸùMZWÊq»¿þò…¬ß1i#†É2DÅ‹
1'ñpéòû+ÅÒTIÞ+d!|éË&˜à+YP;:²î\EœSîysÏƒYö»e7ê–kÞ8ü|iQ=ÿ_7ö²Ç5y©ÝL
µå‚k@ÒEàÕÏ¡£ëä(	Êîß•Ó§Ÿæôîsø>í²-Êäá~(àòYŸÁCÎµÆQìs[”,3gÌ=Nwîï= =ŒQº/~‹0±àµ5³
±w/úKRÈçïõä¸×÷¢çÝ¨°ìî8ãOV»õ<Xü±ì5ä“¢Ñ:n£hœç¼š-
m?8¬&ÁöÓ>ÙËºëùïú¶tµ]£(5b/¶+¾°~Õ†ŸÕ!\â\ÅÆ+Õí¹B–]‰¸Åö?ÑKIÒÉóJA`²À,û_ï^ùÑ&~nÄÔÒY/È>¢u„.
çaþZó.‹Ç²¼×y¸aÏ÷¯ûî–¯º(„N ùz^ÂÓö]®gµ›#ÞjÄ×ï1ÂHi8WRÉW)**6%ã%EeZ4”¦U7Y\%¦d«¨”Œ•Î–iqL™V«diJ–WI)*:,ÓÒ’2®<RÆUDH´JË®d+Ã¢2®{A|ø= ´!X"Æ¹.H´Š"Ë®4+Ãâ‡2®âPÆUJ¸ŠBÉV©d™•’qâ€»®´JË«È“Œ•ò–i±>™Väci•=–]ÑV†¥õeZ<ÆUäI¶JôM7ëeÇ
ó•>È{ÖwŠíÇ
¦¤Wió
CO7húèî™ßÅÅ¼?yN±±X1%B ÍÔë(`¼ºQ5Q^|E-úlƒo$‘—÷>ÏfËYbMŠCÔù¸åk¤iÆëœ™d¨vD	I ²GX7«wâ7Ýb±àŠJ4‹¡‰é1F†|ü¹âPu?-ÿ{–1ÈmhÁÔø>Œ›Œ£¨›K•ê‰¹õ ^Vö(‹ ¶Im`‰”â³sÄ£8Ê€MÖ"ÌzðÉ4-Ò"4lr
Ür.p¦ç™:‚´¯¡ñAW'¬ü®æD	TªøÉ„¥d¡îL¶¸»‚¦ÚFž	\²…åîàóª=J¦y““óJœ	ÎA…àLªíQé)¥ï“Hí.”àj=J#¬=G9ž}
q#H=Eíð¤(»ŠFfa–p*ÐF`aq«É´U^‡ïâée%ÂkÍ6gl¥¬ZÁÌƒôH‹—eÒÖÂÍíÊ4¬‹ac€á©94¦p
ÞžFUZ
8XXœur'e(Áæ—ë(” “Kn”`„j;Š%ƒÅJÐ45¥hßªÅ#gE=ŠÌõµšc;ÑnÍÛ@@Á©9”˜ÜŽ0(Ù£,‚:T²Kî
g•3“ÍsU JPß5EóµYã?6P{”F`EQå]	 ØYeV'pRq¦K¦MÄ^-Îdí #¤«Ddnî²ðäk!”LÁf”((Xðõj‰&»6¶T-BúšÜa}-sYÄZ"Ý§wC’ß»`ªª…(f(Ü›´UTP´NTÖWÏ0Ôø´Dfà+J”Jêž"˜JÕ«).“®óiÏk5×]-¨{ÛÔ±G)®çh HÑy·€BÚÔ¬N¸¦&	h°u3ÔKú“Ã²'	¬Vø?h{µDÏ8ƒ:th-GñI¨Ë×deØ×Cíî©;kF"ÙûÏzìsýQ¡jSõFóùï‡íZÿú—2ß“Ú÷“gÞò_™
K~öQÇÞuk¤úÈïñµ$DÜ¶Æ)‡›ü¶Ì9Û=BÁîö
6ÿHÿ§\ò·pŽ[§oÉëÕîH^Žû
xp×ÿè¢oßáÈg·w—w<-ô¾Ëïª%|p|…¼îT=¼×¸Ü*’¶Çûéá<‡Ç‚öatÄßvaqk¨üãg–û‹ÚÆ7wƒ
½,:-ÀÇØ¥ÿy²Ýžìzœó^Ïùé;ýÕ¢l»¤Ï¼ÝÅD¸¿§ö¸»#l÷Ö{þó_ÚÜ²Ú‰ïý}_KA‡Ø=è4ÿ†ƒõ#[?Ñ÷Ó8?oÉîÖŽ(ÕŽú½[ÃæTíË·éuŠåJÙK‹2÷|Kw_ÚÇ‘.Z	Ý»ã6ï”Í?~kß×›F2ûýV\\õ‡Ù~øàïwï/â¯wüà§œîe·n(¾.ŽËß†ï¶îýŽß¾H/éõ;iS%Ì©æ_Àþ’Ë•à–i\ú£/¾á¡r8E?šóêáS[N1ûn¥ÂœöÇŽ7Ä¸åzžx‚#Ô"ùnìÄXÛ÷í‡~oÝsäÛïˆó9Û›_^ÆÃ©¿ÔyWý°ýçzV.äsÄ—ŸûÅ÷É§>®{ÞsÝ”óO÷ó}©ÈWû^¶íJéäÇüC<ÂÏó«*·ÿxŽ+ù}8¼ƒ[Í¤ä‡Ûkàß<èËå5i.jòÕ;xCgÌzQöÇ2QÓêÿú’3ß"~¼DŸRñ÷æ´‡¾>	ì¦ÃMgÏ+}_ì¥A¸þÊ~ê˜*Ì§di÷ù)%å»?OéJÎùSð&b~¨t_ó‹ChÄ=·§¸6‚²óoN"Ò€‚ ÝT!BÚÀœàøRŠyŒH
èBâædñA£=< 4¾é£É¨šÑC`Ø†‚p£=C§Äì/ ²{»©o6Þ½¡Ì†6;«]\®3ädö! ~&È´ñÌðµvš:Ò¼ÿ=!ñºïÑ”²Ùdò’übü
yS«ù$ô¤^DéàŸMÄÃ8
ËšT<„ËËÆ	mÍßdgÈë«ßIÃé³dö3×3›¿]waÂüÞ
L™ãó–_ØC†7ÜÆ÷Ž¶ëË&æá§~ºðÜî7;9›<Q$®²üò	ßÔfí3åÉÁˆ˜ò-[yDžÐžl‹Ü…EÔ³‡ØiùÖÄjšûì˜kòÒäƒêµ³¶ÌÎ'zª{;Âô“gÆ³»“‡UÃf'RÙù‡úe9öàÜ!¸i§b~ì?b…ŽP bñ<:QÞÏ/åµ¸Ÿý¹Wùð6?2ÝEàÈÁçqUÞfV¶S©%cló»NPÅÆèàUÄjÿAcÄ^’9›bîsZŠ+þ•ÉVÓCÅwwÎS^\¿ÖÑ\÷ÍëaÃý;hÿW»ë‡1þÔ{ÅßU„E¬ka€ïÁÍ±Üh=}¤›ûpë{“×¿/S?Œýëj×k–ü×6ž÷GÀ¾¿núhËû¯RoUÃ$ñß2çÿûTGèóšíæ—¡ã.þ‡qq¶…œXMÉ:‚ñÄëóBxå+›VÃ¶¡©QKáÈG^Aì	£Ÿ…óß„GáJ?ÃÙÏ¤í”j-†~ƒº„îè•õ4Dðdtƒ¾#w
Ô8¥œM&Ê&Ü•0K~j4ë›
ðRÊ•_HófÓÔ÷6ÛjÜ8ír¦Õµ2ðÊeZÝ¬ò^“U®lÙ:ñžÛ¿‰Ë<ªÚEè'’È"škÉê=¯prIÕé“žMŠ‰WìÎ8¹Ä~YÆá:Ö<‡ƒ`ì(3«h¦€ö¨(ü`îRŸ
Anon7 - 2022
AnonSec Team