Solved

AD Trusts question

Posted on 2009-07-01
Last Modified: 2012-05-07
Hello Experts

We have two separate forests in our organisation due to a merger.

Forest1 is named Company1, and the forest root has child domains of Child1 and Child2.

Forest2 is named Company2, and there is one domain - Company2.

There is a two way trust between Child1 and Company2. The trust is not transitive.

The IT Admins in Company2 need to access a resource in Child2... Can they use a Child1 account (e.g. Child1\Admin) to access the resource from their forest?
Question by:kam_uk

Accepted Solution

by:
PWeerakoon earned 1200 total points
ID: 24759639
Yes, because in reality, Child1\Admin is accessing the Child2 domain. Company2 Active Directory doesn't even come into play here!

The admin may be physically sitting at Company2, but he's using an account from Forest1, which has access to all the domains in that forest.

If the admin is using the account Company2\Admin to access a resource in Child2, then that would not work without transitive trusts.

Hope that makes sense.

Assisted Solution

by:Americom
Americom earned 800 total points
ID: 24767474
It would be a bit messy to have IT Admins in company 1 use an admin account from Child1 to access a server in Child2. Not sure exactly what resource: administration of a DC in Child2? RDP to a server in Child2? Or simply accessing a share on a server that belongs to Child2? Regardless, having IT Admins in Company 1 use an Admin account in Child1 to access a server in Child2 is meaningless. If that's the case, why not just use an admin account in Child2? After all, you are not using an account in Company2 anyway. If you are talking about IT administration, why not create a trust between the Child2 domain and the Company2 domain?
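The trust-path reasoning in this thread, as an added example that is not part of the original posts: a small Python model of the topology from the question that checks whether an account domain has a usable trust path to a resource domain. The `TRUSTS` table and the function names are constructed for illustration, and the model assumes the parent-child trusts inside Forest1 are two-way and transitive.

```python
from collections import deque

# Constructed model of the topology in the question. Each entry is
# (domain_a, domain_b, transitive); all trusts are treated as two-way.
TRUSTS = [
    ("Company1", "Child1", True),    # intra-forest parent-child trust (assumed)
    ("Company1", "Child2", True),    # intra-forest parent-child trust (assumed)
    ("Child1", "Company2", False),   # external trust, not transitive
]

def neighbours(domain, transitive_only):
    """Yield domains joined to `domain` by a trust of the requested kind."""
    for a, b, transitive in TRUSTS:
        if domain in (a, b) and (transitive or not transitive_only):
            yield b if domain == a else a

def can_authenticate(account_domain, resource_domain):
    """True if an account from account_domain can be authenticated
    for a resource in resource_domain under the modelled trusts."""
    if account_domain == resource_domain:
        return True
    # A non-transitive trust only serves the two domains it joins directly.
    if resource_domain in neighbours(account_domain, transitive_only=False):
        return True
    # Otherwise every hop on the path must be a transitive trust.
    seen, queue = {account_domain}, deque([account_domain])
    while queue:
        current = queue.popleft()
        for nxt in neighbours(current, transitive_only=True):
            if nxt == resource_domain:
                return True
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def access_report(resource_domain, account_domains):
    """Map each account domain to whether a trust path to the resource exists."""
    return {d: can_authenticate(d, resource_domain) for d in account_domains}

if __name__ == "__main__":
    for dom, ok in access_report("Child2", ["Child1", "Company2"]).items():
        verdict = "trust path exists" if ok else "no trust path"
        print(f"{dom}\\Admin -> Child2 resource: {verdict}")
```

A trust path only makes authentication possible; the permissions on the resource in Child2 still have to grant the Child1 account access.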
