The Domain controller running windows 2003 server authenticates users and application using one of the two protocols: kerberos and NTLM. The kerberos protocol is the default protocol for clients running windows 2000, XP Pro or Server 2003. The kerberos protocol, the client request a ticket from a domain controller in its domain to the server in the trusting domain., the ticket issued by an intermediary trusted by the client and the server. The client presents this trusted ticket to the server in the trusting domain for authentication.
If a client tries too access resources on a server in another domain using NTLM authentication, the server containing the resources must contact a domain controller in the client account domain to verify the account credentials.