We've implemented a Forest Trust and we need to configure single sign on for an new application.
I need to enable the Kerberos Forest Search Order.
Should this be enabled on the default domain policy for all computers or should it be enabled on the default domain controllers policy?
I assume the latter.
Any guidance appreciated.
Forum info: http://www.activedir.org
Problems unsubscribing? Email admin@xxxxxxxxxxxxxxxx
Forest Trust / Kerberos forest search order group policy setting
- 111 Views
- Last Post 13 July 2017
The description of that policy says: "This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolve two-part service principal names (SPNs)." Therefore è default domain controllers policy Met vriendelijke groeten / Kind regards, Jorge de Almeida PintoMVP Enterprise Mobility And Security | MCP/MCSE/MCITPMVP Profile | Blog | Facebook | Twitter