Friday, February 15, 2013 12:49 AM
I have successfully created a one-way trust between two forests of separate organizations. Unfortunately, I cannot configure Selective Authentication in the Trusting domain, nor assign permissions for user groups in the trusted domain without providing account credentials for the trusted domain. Does this mean a domain for a separate organization has to create an administrator account for the Trusting domain? No matter which way I do this, I get the same results. I am prompted for an account in the other domain. Shouldn't I be able to pull Global Group over the trust without having to provide admin credentials? Isn't that what the trust is for?
Friday, February 15, 2013 2:46 AM
Oneway outgoing trust granted the permission for self domain resources hence does not need the additional password when we are created the trust.
Oneway incoming trust granted the permission for trusted domain resources hence need the trusted domain password when we are created the trust.
Selective authentication provides Active Directory administrators who manage a trusting forest more control over which groups of users in a trusted forest can access shared resources in the trusting forest. Because creating an external trust or forest trust provides a pathway for all authentication requests between the forests, this increased control is especially important when administrators need to grant access to shared resources in their organization’s forest to a limited set of users in another organization’s forest.
For more information about how selective authentication settings work, see "Security Considerations for Trusts" in theWindows Server 2003 Technical Reference
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Edited by i.biswajith Friday, February 15, 2013 2:47 AM
- Edited by i.biswajith Friday, February 15, 2013 2:48 AM
- Proposed As Answer by Arthur_LiMicrosoft Contingent Staff, Moderator Monday, February 18, 2013 5:08 AM
- Marked As Answer by Arthur_LiMicrosoft Contingent Staff, Moderator Tuesday, February 26, 2013 8:54 AM
Monday, February 18, 2013 5:09 AMModerator
I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
TechNet Community Support