Using a new AD for proxy with two different domains
-
April 26, 2012 21:54
I need to "integrate" the authentication between two different domains (A and B), and the authentication request will come from an application. In this scenario I thought of creating a new domain (C) to use as a proxy, where the application will prompt for authentication in this new domain (C) and will be responsible for querying the destination domains (A and B). Can I send only the login to domain C and have it automatically fetch the authentication information from A and B, or is it mandatory to send login@domain?
All replies
-
April 26, 2012 21:56
I need to "integrate" the authentication between two different domains (A and B), and the authentication request will come from an application. In this scenario I thought of creating a new domain (C) to use as a proxy, where the application will prompt for authentication in this new domain (C) and will be responsible for querying the destination domains (A and B). Can I send only the login to domain C and have it automatically fetch the authentication information from A and B, or is it mandatory to send login@domain?
Domain A - 2003
Domain B - 2008
Domain C - 2008
-
April 26, 2012 22:20
Hello,
I cannot understand your need for a 3rd domain to log on over to another one. Create a trust between domain A and domain B and you can access resources in the other domain.
You can also think about using AD LDS instead of modifying the schema for the application server:
http://technet.microsoft.com/en-us/library/cc733064(v=ws.10).aspx
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
April 27, 2012 16:37
Thanks for the answer!
Domains A and B belong to different companies that will share the same system, but not the administration of the AD. For this reason I cannot configure the trust relationship between A and B.
-
April 28, 2012 7:57 Moderator
Hi,
To perform this procedure, you must be a member of the Domain Admins group (in the forest root domain) or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
If you are a member of the Incoming Forest Trust Builders group, you can create one-way, incoming forest trusts to this forest.
For details:
Create a forest trust
http://technet.microsoft.com/en-us/library/cc780479(v=WS.10).aspx
In addition, there is a useful article for your reference:
Trust transitivity
http://technet.microsoft.com/en-us/library/cc739693(v=WS.10).aspx
Hope this helps!
Best Regards
Elytis Cheng
TechNet Community Support
-
April 29, 2012 8:30 Moderator
There has to be a trust relationship established from A-C and B-C, even though you can't configure a trust relationship b/w A-B. When there is a request from domain C, it can make a referral from C on whether the request has to go to domain A or B. Why don't you use ADFS for this?
ADFS Overview http://technet.microsoft.com/en-us/library/cc785116%28v=ws.10%29.aspx
How Domain and Forest Trusts Work http://technet.microsoft.com/en-us/library/cc773178%28WS.10%29.aspx#w2k3tr_trust_how_knfk
Accessing resources across forests http://technet.microsoft.com/en-us/library/cc772808%28WS.10%29.aspx
How does Authentication Work Cross Domain? http://blogs.msdn.com/b/anthonw/archive/2006/08/02/686041.aspx
Awinish Vishwakarma - MVP - Directory Services
My Blog: awinish.wordpress.com
Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
-
May 2, 2012 18:29
I know how the trust should be created, but the question is: after this relationship is established, can domain C find the domain of a user without being told it? That is, when a request is sent to domain C to authenticate a user without specifying the domain, will it search domains A and B, or is specifying "user@domain" mandatory?
-
May 4, 2012 13:44 Moderator
If you don't want this, you can configure Selective authentication which is more secure and provides restrictive access to the specific users given explicit permission.
http://technet.microsoft.com/en-us/library/cc755844%28v=ws.10%29.aspx
Awinish Vishwakarma - MVP - Directory Services
My Blog: awinish.wordpress.com
Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Marked as answer by Elytis Cheng (Moderator), May 16, 2012 11:18
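
An added example, not part of any post in this thread and not Microsoft code: a sketch of how the calling application could treat the bare-login versus "user@domain" question raised above. The domain names `a.example` and `b.example`, the NetBIOS names, the sample accounts and the `exists` callback (standing in for a directory search in each domain) are all assumptions; it also assumes each UPN suffix equals the domain's DNS name. Because account names are unique only within a domain, a bare login that exists in both companies' directories cannot be resolved and the domain has to be requested.

```python
import re
from typing import Callable, NamedTuple, Optional

# Constructed placeholders: the thread only names the domains "A" and "B".
UPN_SUFFIXES = {"a.example", "b.example"}
NETBIOS_NAMES = {"DOMA": "a.example", "DOMB": "b.example"}
ACCOUNT_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

class Login(NamedTuple):
    user: str
    domain: Optional[str]  # None when the user typed a bare login

def _checked(user: str, domain: Optional[str]) -> Login:
    # Reject characters that have no place in an account name before the
    # value is ever used in a directory query.
    if not ACCOUNT_RE.fullmatch(user):
        raise ValueError("invalid account name")
    return Login(user, domain)

def parse_login(raw: str) -> Login:
    """Accept user@domain, DOMAIN\\user or a bare account name."""
    raw = raw.strip()
    if "\\" in raw:
        netbios, _, user = raw.partition("\\")
        domain = NETBIOS_NAMES.get(netbios.upper())
    elif "@" in raw:
        user, _, suffix = raw.rpartition("@")
        domain = suffix.lower() if suffix.lower() in UPN_SUFFIXES else None
    else:
        return _checked(raw, None)
    if domain is None:
        raise ValueError("login names a domain this application does not serve")
    return _checked(user, domain)

def resolve_domain(login: Login, exists: Callable[[str, str], bool]) -> str:
    """Pick the domain to authenticate against; `exists(domain, user)` is hypothetical."""
    if login.domain is not None:
        return login.domain
    hits = sorted(d for d in UPN_SUFFIXES if exists(d, login.user))
    if len(hits) != 1:
        # Zero hits or a name present in both directories: do not guess,
        # and show the user one generic failure message for both cases.
        raise LookupError("cannot resolve bare login; require user@domain")
    return hits[0]

# Constructed sample directories; "jsmith" exists in both companies.
SAMPLE = {"a.example": {"alice", "jsmith"}, "b.example": {"bob", "jsmith"}}

def sample_exists(domain: str, user: str) -> bool:
    return user.lower() in SAMPLE[domain]
```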