Solved

Windows 2003 Trusts

Posted on 2006-11-12
6
238 Views
Last Modified: 2010-04-10
Hi Experts,

I'm studying for 70-294. I have a test network at home and I'm trying to understand trusts. I have two domains - parent and child. Both domains trust each other. Does this mean that a user in Domain A can login to a computer in Domain B or does it just mean that users who authenticate in Domain A can access resources in Domain B without having to pass any security checks from Domain B? I take it users in domain A still have to have the necessary acls on resources in Domain B.

Can someone please explain this to me.

Ciderspine.
0
Comment
Question by:Ciderspine
6 Comments
 
LVL 7

Accepted Solution

by:
dlangr earned 250 total points
ID: 17927032
users in each domain can access resources such as printers or servers in the other domain if they are explicitly given rights in those domains. Bear in mind that just because two domains have a trust relationship does not mean that users from one domain can automatically access all the resources in the other domain; it is simply the first step in accessing those resources. The proper permissions still need to be applied.
0
 
LVL 7

Expert Comment

by:dlangr
ID: 17927140
As for the login to domain A from a computer that is in domain B:

Only machines "join" domains. Users can have accounts in multiple domains. They need a machine that is either in their own domain or in a domain that trusts
their domain to allow them to logon.
0
 
LVL 13

Assisted Solution

by:haim96
haim96 earned 200 total points
ID: 17928321
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Ciderspine
ID: 17928523
Thanks - that clears things up a bit.

Here's what's puzzling me. I have domain A and domain B. They have a two-way trust. A machine is a member of Domain A. A user has an account in Domain B but not Domain A. If that user selected Domain A from the dropdown list at logon window, should that machine allow them to logon using their credentials from Domain B? This is what I cannot get this to work on my test lab?

Thanks.
0
 
LVL 13

Expert Comment

by:haim96
ID: 17928577
i don't think it will work. user should login to network that contain his acount
the trust alow you to use shared resources in trusted domain.
0
 
LVL 4

Assisted Solution

by:dempsedm
dempsedm earned 50 total points
ID: 17934660
The user can choose Domain B from the drop down, and log in with his credentials, but will not be able to log in to domain A without having credentials created.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Import groups from "Member Of" of user to a notepad. 4 43
LDAP search through mutiple lower OU's 3 24
Powershell out file or export to csv 2 44
Bandwidth issues? 5 28
Synchronize a new Active Directory domain with an existing Office 365 tenant
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now