
Subject: [ActiveDir] More trust related questions
neil.ruston@credit-suisse.com
06/15/2009 4:28 PM
Normally I'd test out these scenarios myself but I just don't have the
resources at my disposal right now :/

Here goes:

2 forests - a.com and x.net
a.com has 2 domains - a.com and b.a.com
x.net has 2 domains - x.net and y.x.net

I need to migrate (with SIDH) users from:
y.x.net to b.a.com
and
x.net to a.com

I also need:
Selective auth between y.x.net and b.a.com
And
Domain wide auth between x.net and a.com

Question:
Can I simply create a forest trust between a.com and x.net but still
configure the SIDH and selective auth settings at the domain level as
per above reqs?
Or
Do I need to create external trusts between domains?

I'd like to take advantage of forest trusts (Kerberos auth) but still
retain the granularity of external trusts.

Any ideas?

Thanks,
neil




ZJORZ
06/15/2009 4:53 PM
SID filtering and auth settings are per outgoing trust. So if you need
different settings for different domains you need multiple trusts and in
this case that would mean using 2 external trusts between the
corresponding domains.



Kind regards,

Jorge de Almeida Pinto | Senior Technical Consultant | MVP IdA-DS |
Oxford Computer Group BeNeLux




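Added example, not part of the thread or written by its participants: each trust stores its own SID filtering and selective authentication settings in that trust's trustAttributes value, which is why two domain pairs with different requirements need two trusts. The script decodes the MS-ADTS flag bits for constructed sample values and compares them with the requirements in the question. The helper name, the sample values, and the assumption that the source domains (y.x.net, x.net) are the trusting side are illustrative.

```powershell
# trustAttributes flag bits as documented in MS-ADTS.
$Flag = @{
    Quarantined      = 0x04   # SID filtering (quarantine) enforced
    ForestTransitive = 0x08   # trust is a forest trust
    SelectiveAuth    = 0x10   # CROSS_ORGANIZATION = selective authentication
    TreatAsExternal  = 0x40   # forest trust that lets SID history through
}

function Get-TrustSetting {   # hypothetical helper name
    param([string]$Trusting, [string]$Trusted, [int]$TrustAttributes)
    $forest = [bool]($TrustAttributes -band $Flag.ForestTransitive)
    if ($forest) {
        $sidHistory = [bool]($TrustAttributes -band $Flag.TreatAsExternal)
    } else {
        $sidHistory = -not ($TrustAttributes -band $Flag.Quarantined)
    }
    [pscustomobject]@{
        Trusting      = $Trusting
        Trusted       = $Trusted
        Type          = if ($forest) { 'Forest' } else { 'External' }
        SidHistory    = $sidHistory
        SelectiveAuth = [bool]($TrustAttributes -band $Flag.SelectiveAuth)
    }
}

# Requirements from the question, keyed by trusting (source) domain.
# Assumption: the source domains hold the outgoing trusts being checked.
$Required = @{
    'y.x.net' = @{ SidHistory = $true; SelectiveAuth = $true  }
    'x.net'   = @{ SidHistory = $true; SelectiveAuth = $false }
}

# Constructed sample values, one per outgoing external trust. On a live DC the
# number is the trustAttributes attribute of the matching trustedDomain object.
$Sample = @(
    @{ Trusting = 'y.x.net'; Trusted = 'b.a.com'; TrustAttributes = 0x10 }
    @{ Trusting = 'x.net';   Trusted = 'a.com';   TrustAttributes = 0x04 }
)

foreach ($t in $Sample) {
    $s    = Get-TrustSetting @t
    $want = $Required[$s.Trusting]
    $ok   = ($s.SidHistory -eq $want.SidHistory) -and
            ($s.SelectiveAuth -eq $want.SelectiveAuth)
    $fmt  = '{0} -> {1}: {2}, SIDH={3}, SelectiveAuth={4}, matches={5}'
    $fmt -f $s.Trusting, $s.Trusted, $s.Type, $s.SidHistory, $s.SelectiveAuth, $ok
}
```

The second sample trust is deliberately left quarantined so the check reports a mismatch: SID history from migrated accounts would be filtered on that trust until quarantine is turned off for it specifically.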

