Using a new AD as a proxy with two different domains
-
Thursday, April 26, 2012 9:54 PM
I need to "integrate" the authentication between two different domains (A and B), and the authentication request will come from an application. In this scenario I thought of creating a new domain (C) to use as a proxy, where the application will prompt for authentication against this new domain (C), which will be responsible for sending the queries to the destination domains (A and B). Can I send only the login to domain C and have it automatically fetch the information, authenticating against A and B, or is it mandatory to send the login as user@domain?
All Replies
-
Thursday, April 26, 2012 9:56 PM
Domain A - 2003
Domain B - 2008
Domain C - 2008
-
Thursday, April 26, 2012 10:20 PM
Hello,
I cannot understand your need for a 3rd domain to log on to another one. Create a trust between domain A and domain B and you can access resources in the other domain.
You can also think about using AD LDS instead of modifying the schema for the application server:
http://technet.microsoft.com/en-us/library/cc733064(v=ws.10).aspx
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
-
Friday, April 27, 2012 4:37 PM
Thanks for the answer!
Domains A and B belong to different companies that will share the same system, but not the administration of the AD. For this reason I cannot configure a trust relationship between A and B.
-
Saturday, April 28, 2012 7:57 AM (Moderator)
Hi,
To perform this procedure, you must be a member of the Domain Admins group (in the forest root domain) or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
If you are a member of the Incoming Forest Trust Builders group, you can create one-way, incoming forest trusts to this forest.
For details:
Create a forest trust
http://technet.microsoft.com/en-us/library/cc780479(v=WS.10).aspx
In addition, there is a useful article for your reference:
Trust transitivity
http://technet.microsoft.com/en-us/library/cc739693(v=WS.10).aspx
Hope this helps!
Best Regards
Elytis Cheng
TechNet Community Support
-
Sunday, April 29, 2012 8:30 AM (Moderator)
There has to be a trust relationship established between A and C and between B and C, even though you can't configure a trust relationship between A and B. When there is a request in domain C, it can make a referral from C so that the request goes either to domain A or to domain B. Why don't you use ADFS for this?
ADFS Overview http://technet.microsoft.com/en-us/library/cc785116%28v=ws.10%29.aspx
How Domain and Forest Trusts Work http://technet.microsoft.com/en-us/library/cc773178%28WS.10%29.aspx#w2k3tr_trust_how_knfk
Accessing resources across forests http://technet.microsoft.com/en-us/library/cc772808%28WS.10%29.aspx
How does Authentication Work Cross Domain? http://blogs.msdn.com/b/anthonw/archive/2006/08/02/686041.aspx
Awinish Vishwakarma - MVP - Directory Services
My Blog: awinish.wordpress.com
Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
-
Wednesday, May 02, 2012 6:29 PM
I know how the trust should be created, but the question is: after this relationship is established, can domain C find the domain of a user without being told it? That is, if a user is sent to domain C to authenticate without the domain being given, will it search domains A and B, or is supplying "user@domain" mandatory?
-
Friday, May 04, 2012 1:44 PM (Moderator)
If you don't want this, you can configure selective authentication, which is more secure and provides restrictive access only to the specific users given explicit permission.
http://technet.microsoft.com/en-us/library/cc755844%28v=ws.10%29.aspx
Awinish Vishwakarma - MVP - Directory Services
My Blog: awinish.wordpress.com
Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Marked As Answer by Elytis Cheng (Moderator) Wednesday, May 16, 2012 11:18 AM
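Added example, not from any of the posters: a PowerShell check, run from the proxy domain C, that inventories the A-C and B-C trusts the replies describe, flags any trust that is not using selective authentication, and shows that a bare logon name has to be looked up in each trusted domain explicitly rather than being resolved implicitly. It assumes the RSAT ActiveDirectory module (Get-ADTrust, Get-ADUser) and an account allowed to read user objects in the trusted domains; the user name is a constructed placeholder.

```powershell
# Added example (not from the thread). Run on a domain-joined host in the
# proxy domain C with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

# Constructed placeholder: the bare logon name the application receives,
# with no "user@domain" suffix. Validate it before it goes into an LDAP filter.
$SamAccountName = 'jdoe'
if ($SamAccountName -notmatch '^[A-Za-z0-9._-]{1,20}$') {
    throw "Refusing to look up a logon name with unexpected characters."
}

# 1. Inventory the trusts domain C has, and whether each one enforces
#    selective authentication (the restrictive mode the last reply recommends).
$trusts = Get-ADTrust -Filter * |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication
$trusts | Format-Table -AutoSize

foreach ($t in $trusts) {
    if (-not $t.SelectiveAuthentication) {
        Write-Warning "Trust to $($t.Name) uses domain-wide authentication: every account there becomes 'Authenticated Users' in this domain."
    }
}

# 2. A bare name is only unique inside one domain. There is no implicit search
#    across trusts, so the proxy must ask each trusted domain and deal with
#    zero, one or several hits itself.
$found = foreach ($t in $trusts) {
    try {
        $u = Get-ADUser -Server $t.Name -Filter "sAMAccountName -eq '$SamAccountName'" -ErrorAction Stop
        if ($u) { [pscustomobject]@{ Domain = $t.Name; UPN = $u.UserPrincipalName; Enabled = $u.Enabled } }
    } catch {
        # With selective authentication, a query fails unless the querying
        # account has "Allowed to Authenticate" on the target DCs.
        Write-Warning "Could not query $($t.Name): $($_.Exception.Message)"
    }
}

switch (@($found).Count) {
    0       { Write-Output "No trusted domain holds '$SamAccountName'." }
    1       { Write-Output "Resolved to $($found.UPN)"; $found }
    default { Write-Warning "'$SamAccountName' exists in several trusted domains; require the user@domain form."; $found }
}
```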