none
Management trust to the tenants.

    Question

  • Been thinking a bit..

    Is this a valid solution:

    Lets say I'm working at a Cloud provider that hosts and manage company's Active Directory's. All tenant have its own forest. We have each an Domain Admin account in their forest. Is it a valid/good solution to have an "management trust"; where all Administrators have their accounts, instead of accounts in their domain. 

    Or is there any better way to manage it?

    Saturday, November 26, 2016 8:57 PM

All replies

  • "Technically", you can create domain/forest trust and provide domain permission. Is it acceptable from your tenants? Even though, domain trust doesn't provide any permission by default, i don't want to see some company's trust in my AD domain.  

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

    My Books: | Windows Server Security | Windows Server 2012

    Blogs | Twitter | LinkedIn | Facebook|

    This posting is provided AS IS with no warranties, and confers no rights.

    • Proposed as answer by AlvwanModerator Thursday, December 8, 2016 12:09 PM
    Sunday, November 27, 2016 2:07 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 8, 2016 12:09 PM
    Moderator