RE: incoming and outgoing trusts

From: Ryan Hanisco <RyanHanisco@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 7 Oct 2007 20:21:00 -0700

P. Cully,

It does look like you've got this right. I hate the words Trusting and
Trusted as I always get mixed up when going through them. I generally like
to use User Domain (Trusted) and Resource Domain (Trusting) as it makes it
clearer and my feeble brain doesn't have to play the suffix game.

It should also be noted that your concept of administering the trust is also
a bit convoluted in explanation, though I understand what you're trying to
say. In the user domain, you'll create groups of users that you'll be
assigning foreign rights to. In the Resource domain, you'll be creating
universal groups that have access to the resources and will add the foreign
user group to the resource security group.

This way there is never any confusion between the domains as you'll have the
groups to define role. Also, you'll never have to sort who is where --
especially avoiding the confusion that you might have if you assigned user
rights directly to resources.

Hope this helped.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.

"P. Cully" wrote:

Hi

I must be reading something wrong during my research. I'm confused on these
two trusts. Please let me know where I'm mistaken.

Incoming trusts
admin in TRUSTED domain establishes the trust
considered incoming
prior to accessing resources in the TRUSTING domain users can be
authenticated by passing authentication thru to the trusted domain--into the
TRUSTED domain
users in TRUSTING domain cannot access resources in the TRUSTED domain (3-15)
users in this domain (TRUSTED) can be authenticated in the specified domain,
realm, or forest

Outgoing trusts
admin in the TRUSTING domain establishes the trust
considered outgoing
prior to accessing resources in the domain (the TRUSTING domain) users from
the trusted domain can be authenticated by passing authentication through to
the TRUSTED domain -- out to the TRUSTED domain
users in the TRUSTING domain will not be able to access resources in the
TRUSTED domain
users in the specified (TRUSTED)domain, realm, or forest can be
authenticated in this domain
I don’t see either the incoming or the outgoing trust allowing users from
the TRUSTING domain access to any resources. It looks like these TRUSTING
domain users only get access to resources if a two-way trust is in place.

Do I have this right?

Thanks,
P

Prev by Date: RE: Domain Issue
Next by Date: Re: Sharing account information between domains
Previous by thread: Re: incoming and outgoing trusts
Next by thread: Re: How to add a domain user to local administrator group?
Index(es):
- Date
- Thread

Relevant Pages

Re: Adaware update SE1R175...
... Not trusting the new version then? ... I don't like resources it uses. ... was slowing things down. ... It's also the connection via windows services I'm not keen about ...
(uk.people.silversurfers)
Re: Adaware update SE1R175...
... Ta muchly Terry. ... Not trusting the new version then? ... I don't like resources it uses. ... I installed it and found it was slowing things down. ...
(uk.people.silversurfers)
Re: Adaware update SE1R175...
... Ta muchly Terry. ... Not trusting the new version then? ... was slowing things down. ... I thought it only used 20 Mb of resources. ...
(uk.people.silversurfers)
Re: External Trust Question
... Its a two way trust with domain wide authentication. ... from domainA.com to resources in domainB.com - Using the mmc snap-in i ... domainA.com - cant connect to domainB.com's AD - cant add users or groups ...
(microsoft.public.windows.server.active_directory)
FIXED ** Re: nt - 2003 trust: Extended Error message
... ALLOW AUTHENTICATION ONLY FOR SELECTED RESOURCES IN THE LOCAL DOMAIN instead ... the trust, it apparantly didn't like that option. ...
(microsoft.public.windows.server.migration)