Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

AD Trusts question

Posted on 2009-07-01
2
Medium Priority
?
160 Views
Last Modified: 2012-05-07
Hello Experts

We have two seperate forests in our organisation due to a merger.

Forest1 is named Company1, and the forest root has child domains of Child1 and Child2.

Forest2 is named Company2, and there is one domain - Company2.

There is a two way trust between Child1 and Company2. The trust is not transitive.

The IT Admins in Company2 need to access a resource in Child2....can they use a Child1 account (e.g. Child1\Admin) to access the resource from their forest?
0
Comment
Question by:kam_uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
PWeerakoon earned 1200 total points
ID: 24759639
Yes, because in reality, Child1\Admin is accessing the Child2 domain. Company2 Active Directory doesn't even come into play here!

The admin maybe physically sitting at Company2 but he's using an account from Forest1 which has access to all the domains in that forest.

If the admin is using the account Company2\Admin to access a resource in Child2, then that would not work without transitive trusts.

Hope that makes sense.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 800 total points
ID: 24767474
It would be a bit messy to have IT Admins in company 1 to use an admin account from Child1 to access a server in Child2. Not sure exactly what resource, administration of DC in Child2?, rdp to a server in Child2? or simply accessing a share in a server belongs to Child2? Regardless, in order to have IT Admins in Company 1 to use an Admin account in Child1 to access server in Child2 is meaningless. If that's the case, why not just use an admin account in Child2, afterall, you are not using an account in Company2 anyway. If you are talking about IT administation, why not create a trust between child2 domain and company2 domain?
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question