Authenticating Users Against Multiple Microsoft Active Directory Domains

16-28 Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform

trust relationship with A. In this scenario, both B and C also trust each other. This is because, although they are not in a direct trust relationship with each other, they are in a direct trust relationship with A.

■ In a non-transitive trust relationship, the trust is bound by the two domains in the trust relationship; it does not flow to any other domains in the forest.

When a trust is established between a Windows 2000 domain in a particular forest and a Windows 2000 domain outside of that forest, security principals from the external domain can be granted access to resources in the forest. A security principal from an external domain is called a foreign security principal and is represented in Microsoft Active Directory as a foreign security principal object. These foreign security principals can become members of domain local groups, which can have members from domains outside of the forest.

Foreign security principals are used when there is a non-transitive trust between two domains in a Microsoft Active Directory environment. In such a trust relationship, when one domain recognizes a foreign security principal from the other domain, it represents that entity in a form similar to a DN entry. In that entry, the RDN component is set to the SID of the original entry in the trusted domain. In the case of groups, the DNs of the foreign security principals are represented as member values, not as the DNs of the original entries in the trusted domain. This can create a problem when foreign security principals are synchronized with Oracle Internet Directory.
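The following sketch illustrates the foreign security principal representation described above: it finds group member values whose RDN is a SID and maps them back to the original DNs by decoding the binary objectSid of entries read from the trusted domain. It is an added example, not Oracle code and not a description of how the connector behaves; the function names, domain names and sample entries are constructed assumptions.

```python
import re
import struct

# A foreign security principal DN: the RDN is the SID string, and the entry
# sits in the ForeignSecurityPrincipals container of the trusting domain.
FSP_DN = re.compile(r"^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,", re.IGNORECASE)

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def resolve_members(members, trusted_entries):
    """Swap FSP member DNs for the original DNs from the trusted domain.

    trusted_entries: iterable of (dn, binary objectSid) pairs.
    Returns (resolved_members, unresolved_fsp_dns).
    """
    by_sid = {sid_to_str(sid): dn for dn, sid in trusted_entries}
    resolved, unresolved = [], []
    for dn in members:
        m = FSP_DN.match(dn)
        if not m:
            resolved.append(dn)                # ordinary local-domain member
        elif m.group(1).upper() in by_sid:
            resolved.append(by_sid[m.group(1).upper()])
        else:
            unresolved.append(dn)              # SID unknown: flag, do not guess
    return resolved, unresolved

def make_sid(*subs):
    """Build a binary SID under NT authority (5) for the constructed samples."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(
        "<%dI" % len(subs), *subs)

# Constructed sample data (hypothetical domains a.example.com / b.example.com).
TRUSTED = [("CN=Alice,CN=Users,DC=b,DC=example,DC=com",
            make_sid(21, 1111, 2222, 3333, 1105))]
FSP_BASE = "CN=ForeignSecurityPrincipals,DC=a,DC=example,DC=com"
GROUP_MEMBERS = [
    "CN=Bob,CN=Users,DC=a,DC=example,DC=com",
    "CN=S-1-5-21-1111-2222-3333-1105," + FSP_BASE,
    "CN=S-1-5-21-1111-2222-3333-9999," + FSP_BASE,
]

if __name__ == "__main__":
    print(resolve_members(GROUP_MEMBERS, TRUSTED))
```

Member values left in the unresolved list are the ones that would reach the target directory as SID-named DNs with no matching user entry.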
16.4 Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) Integration Concepts

This section contains additional considerations for integrating Oracle Internet Directory with Oracle Directory Server Enterprise Edition (previously Sun Java System Directory Server). It contains these topics:

■ Synchronizing from Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) to Oracle Directory Integration Platform
■ Oracle Internet Directory Schema Elements for Oracle Directory Server Enterprise Edition (Sun Java System Directory Server)

16.4.1 Synchronizing from Oracle Directory Server Enterprise Edition (Sun Java System Directory Server) to Oracle Directory Integration Platform

Oracle Directory Server Enterprise Edition (previously Sun Java System Directory Server) maintains a change log in which it stores incremental changes made to directory objects. Synchronization from Oracle Directory Server Enterprise Edition to Oracle Internet Directory makes use of this change log.

See Also: Chapter 20, Integrating with Oracle Directory Server Enterprise Edition (Sun Java System Directory Server)