Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
One-way Trust Question

Answered One-way Trust Question

  • Sunday, December 09, 2012 8:41 AM
     
     
    Sign In to Vote
    0

    Hi All,

    I hope someone can help me with my question. We have a single forest, with a collection of domains like so:

    -<domain.local>
    -----<a.domain.local>
    -----<b.domain.local>
    -----<c.domain.local>

    What I would like is to have a one-way trust relationship where the child domains trust the parent domain only. Users in the parent domain can see all users and resources of the child domains, but the child domains can only see the actual child domain, and nothing else.

    Many thanks for any help, this has been breaking my head for a while.

     

     

All Replies

  • Sunday, December 09, 2012 9:08 AM
     
     
    Sign In to Vote
    1

    Hi,

    Transitive two-way trust is needed for replication purpose (schema, configuration).

    Check Parent-child trust in  How Domain and Forest Trusts Work : http://technet.microsoft.com/fr-fr/library/cc773178%28v=ws.10%29.aspx

    Moreover, Domain isn't the security boundary, you should consider creating a new forest for security purpose.

    Regards,


     
  • Sunday, December 09, 2012 3:20 PM
     
     Answered
    Sign In to Vote
    0

    Please note that every child domain has a two ways trust relationship with its parent which is transitive. This is created by default and cannot be changed. Due to transitivity, child domains trusts each other.

    If you want to apply customizations when creating trust relationships, you will need to have domains in separate forests. In this case, they will no longer be considered as child domains but they will be domains in separate forests.

    If you need more information, please provide us with what you want to achieve so that we can help you more.

    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

     
  • Sunday, December 09, 2012 3:33 PM
     
     
    Sign In to Vote
    1

    What are you trying to accomplish?

    but the child domains can only see the actual child domain”

    Where and how are they seeing these users?

    Santhosh Sivarajan | Houston, TX

    Windows 2012 Book - Migrating from 2008 to Windows Server 2012

    http://www.sivarajan.com/

    FaceBook Twitter LinkedIn SS Tech Forum

    This posting is provided AS IS with no warranties,and confers no rights.

     
  • Tuesday, December 11, 2012 6:49 AM
    Moderator
     
     
    Sign In to Vote
    0

    Hi,

    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Kevin

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.