RE: SID Filtering and trust
From: gordonah (gordonah_at_discussions.microsoft.com)
Date: 02/09/05
- Next message: Marko Kralj: "problem with moving objects between trusted domains"
- Previous message: Jimmy Andersson [MVP]: "Re: unable to establish connection with global catalog"
- In reply to: Jason: "SID Filtering and trust"
- Next in thread: Andrew: "Re: SID Filtering and trust"
- Reply: Andrew: "Re: SID Filtering and trust"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 9 Feb 2005 02:21:01 -0800
Hi Jason
Further to Ryan's answer, SID filtering is on by default (it can be turned off,
though) for a cross-forest trust. A cross-forest trust is new to Windows 2003
and can only be implemented between two forests which have been upgraded to
Windows 2003 functional level.
I don't think this is the case in your scenario, and in any case I don't
think the type of trust would automatically be upgraded if the domains at
either end were changed to meet the criteria.
Gordon
"Jason" wrote:
> Hi,
> I have a child W2K domain with 4 sites in native mode. Each site has 2 DCs
> + GC. Our domain maintains three external trust relationships with other NT4
> domains (say NT4 domains A, B and C). Actually, our child domain was
> migrated from one of the NT4 domains (domain A) using ADMT. We still have
> about 40% of users having a SID History.
> Recently, one of our sites' local system admins insists on upgrading their DCs
> from W2K to W2K3 (for some funny business reason). My concern is, after
> they have upgraded their two DCs to W2K3 while we are still on W2K DC native
> mode (I suppose they could only maintain the same W2K native functional
> level), will our trust with the NT4 domains be lost? I heard from a
> colleague that once the DCs are upgraded to W2K3, immediately, due to SID
> filtering, our domain will lose the trust relationship with these external
> NT4 domains as they are, relatively, regarded as External forest.
> My questions are:
> 1) Is this true, that is, will the trust relationship be lost immediately
> (because of the default SID filtering)?
> 2) What if the trust is re-created? Will my users with SID history
> still be able to access these NT4 domains based on sidhistory the same as
> they were before?
> 3) What can be done to prevent this loss of trust (if true) from
> happening?
>
> Please help me to answer these questions, highly appreciated !
>
> Jason
>
>
>