I want to give web application access to a user from one forest to another forest without a trust relationship

  • Question

  • Hi,

    I have two offices with two different AD forests. I have some web and client-server applications in each company. I want to give a user with a local AD domain account access to log in to an app located in the other forest without needing to create a new user account in the other forest. (I mean the user can access the other forest's application with their local domain user account.)

    I would like to know whether I need to create a forest or domain trust relationship, or whether a federation service can solve my problem.

    If federation can help me, how should I design it for two forests?

    Thanks in advance.

    Tuesday, February 9, 2016 6:10 PM

All replies

  • I'd go with the forest trust because you mentioned client server applications. While AD FS can support rich client applications, it's principally a Web SSO application. 

    http://blog.auth360.net

    Wednesday, February 10, 2016 9:44 AM
  • The key here is the type of app you want to share. If they are web applications, you can make it work.

    If you want to share files using SMB, or RDP access, then you need an AD trust.

    Note that you can also build a web platform to exchange files if one does not exist, like putting the files that you would usually share with SMB into OneDrive or SharePoint.



    Wednesday, February 10, 2016 8:52 PM