Answered one way forest trust

  • Friday, February 15, 2013 12:49 AM
     
     

    I have successfully created a one-way trust between two forests of separate organizations.  Unfortunately, I cannot configure Selective Authentication in the Trusting domain, nor assign permissions for user groups in the trusted domain without providing account credentials for the trusted domain.  Does this mean a domain for a separate organization has to create an administrator account for the Trusting domain?  No matter which way I do this, I get the same results.  I am prompted for an account in the other domain.  Shouldn't I be able to pull Global Group over the trust without having to provide admin credentials?  Isn't that what the trust is for?


    Jason Yates

All Replies

  • Friday, February 15, 2013 2:46 AM
     
     Answered

    A one-way outgoing trust grants permission for the domain's own resources and hence does not need the additional password when we create the trust.
     
    A one-way incoming trust grants permission for the trusted domain's resources and hence needs the trusted domain password when we create the trust.

    In addition,

    Selective authentication provides Active Directory administrators who manage a trusting forest more control over which groups of users in a trusted forest can access shared resources in the trusting forest. Because creating an external trust or forest trust provides a pathway for all authentication requests between the forests, this increased control is especially important when administrators need to grant access to shared resources in their organization’s forest to a limited set of users in another organization’s forest.

    For more information about how selective authentication settings work, see "Security Considerations for Trusts" in the Windows Server 2003 Technical Reference.


    Regards
    Biswajit Biswas

    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
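
Added example, not part of the thread or any poster's reply: a PowerShell audit an administrator of the trusting forest could run to see which trusts use selective authentication and which principals hold the "Allowed to Authenticate" right on computer objects. It assumes the ActiveDirectory RSAT module is installed; the OU path `OU=Servers,DC=example,DC=com` is a placeholder.

```powershell
# Added example: run in the trusting forest with the ActiveDirectory module.
Import-Module ActiveDirectory

# controlAccessRight GUID of the "Allowed to Authenticate" extended right.
$AllowedToAuth = [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# 1. List every trust with its direction and whether selective
#    authentication is enabled on it.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication |
    Format-Table -AutoSize

# 2. Report who may authenticate to the computers under one OU.
#    Placeholder search base: replace with a real OU in your domain.
$SearchBase = 'OU=Servers,DC=example,DC=com'

$report = foreach ($computer in Get-ADComputer -Filter * -SearchBase $SearchBase) {
    $acl = Get-Acl -Path ("AD:\" + $computer.DistinguishedName)

    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $ExtendedRight) -and
        # An empty ObjectType means "all extended rights", which
        # includes Allowed to Authenticate.
        ($_.ObjectType -eq $AllowedToAuth -or $_.ObjectType -eq [guid]::Empty)
    } | ForEach-Object {
        [pscustomobject]@{
            Computer  = $computer.Name
            Trustee   = $_.IdentityReference
            AllRights = ($_.ObjectType -eq [guid]::Empty)
            Inherited = $_.IsInherited
        }
    }
}

# Trustees from the trusted forest appear by name, or as a raw SID
# when the name cannot be resolved across the trust.
$report | Sort-Object Computer, Trustee | Format-Table -AutoSize
```

Trustees granted Full Control on a computer object also carry this right and are not listed by the extended-right filter above.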



  • Monday, February 18, 2013 5:09 AM
    Moderator
     
     

    Hi,

     

    I would like to confirm what the current situation is. If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support
