none
Trusts

    Question

  • Hi

    I work for a school and we have recently taken over the IT support at a few local schools. I have created a domain trust for access to resources for the IT Team for all of the schools. Staff now work across all sites, and want to make things easier. They have recently asked if we can use just one set of credentials to log onto any domain. Is this what a trust should be used for, or is a trust just for access to resources?

    Thanks in advance

    Shane

    Thursday, May 15, 2014 9:07 AM

Answers

  • A Two way trust would allow users to logon with there credentials at any site, however they need to enter username and domain i.e. domain1\user1 domain2\user1 etc, they do not need an account in each domain.

    A better way would be to create a new domain and migrate all user accounts over, again you would need to setup two way trusts to do the migration. This way you can have a single exchange environment, single set of GPO's, simpler ACLs and everyone logs on the same way.

    It's a big project and I've done this before in a merger of schools but it is the best way in the long run or else you'll start getting users complaining about each having different experiences.  It took myself and 3 technicians around 16months to complete this merger with around 60,000 users.

    Tuesday, May 20, 2014 9:46 AM
  • don't use one credential, if someone messed up accidentally or purposely it's quite hard to point back.

    use delegation instead.

    i know it's not 100% answer to your question but  check out this link:

    http://clintboessen.blogspot.sg/2010/02/understanding-microsofts-trust.html


    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    IT Stuff Quick Bytes


    Monday, May 26, 2014 8:35 AM

All replies

  • Hi,

    Thanks for your posting.

    A domain trust is a useful way to allow users from a trusted domain to access services in a trusting domain.

    Please refer to the followng MS article about Domain trust:

    http://technet.microsoft.com/en-us/library/cc961481.aspx

    Regards.


    Vivian Wang

    Friday, May 16, 2014 7:12 AM
    Moderator
  • Hi,

    Thank you for the reply.

    I understand that a trust is a way to access services. But, should  I still give them their own logon credentials at each site and tell them to use them when visiting resepctive sites or, is it best to give them one set of credentials for the site they are based, and allow them to log onto both domains with one set of credentials?

    Hope this makes sense

    Thanks

    Shane

    Tuesday, May 20, 2014 8:34 AM
  • A Two way trust would allow users to logon with there credentials at any site, however they need to enter username and domain i.e. domain1\user1 domain2\user1 etc, they do not need an account in each domain.

    A better way would be to create a new domain and migrate all user accounts over, again you would need to setup two way trusts to do the migration. This way you can have a single exchange environment, single set of GPO's, simpler ACLs and everyone logs on the same way.

    It's a big project and I've done this before in a merger of schools but it is the best way in the long run or else you'll start getting users complaining about each having different experiences.  It took myself and 3 technicians around 16months to complete this merger with around 60,000 users.

    Tuesday, May 20, 2014 9:46 AM
  • Hi,

    Any update about the issue?

    Regards.


    Vivian Wang

    Monday, May 26, 2014 8:05 AM
    Moderator
  • don't use one credential, if someone messed up accidentally or purposely it's quite hard to point back.

    use delegation instead.

    i know it's not 100% answer to your question but  check out this link:

    http://clintboessen.blogspot.sg/2010/02/understanding-microsofts-trust.html


    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
    IT Stuff Quick Bytes


    Monday, May 26, 2014 8:35 AM