Solved

One way domain trust

Posted on 2010-11-08
Last Modified: 2012-08-13
We created a one-way trust but I think we may have done it backwards. One of the things is that both domains show up on the trusted domain's computers, allowing users to log in to both domains on those PCs. Is that normal for a one-way trust? The one problem we ran into was that when we did it the opposite way, the trusting domain never got the account list in AD from the other domain. We flipped it and now it shows up in the trusting domain just fine, but they are worried about PC login stuff on the trusted domain. Any help would be appreciated...
Question by:Millface
6 Comments
 
LVL 9

Accepted Solution

by:
losip earned 500 total points
ID: 34085703
Sounds as if you've done it right now. As an admin of the trusting domain, you are trusting that the trusted domain has its user and password policies correct. It is normal that workstations that are members of the trusting domain can choose to log into three places: the local computer; the domain which they are a member of (trusting); and the trusted domain. An account in any of these places can log in to the computer.

You may have accounts in all three of these places but it is not usual to have local accounts apart from a local admin account.  You can have users in the trusted domain and also, if it fits with your support structure, in the trusting domain.

Does that help?
 

Author Comment

by:Millface
ID: 34085734
Yes it does. The trusted domain does not show up in the trusting domain's PC drop-down list, but the trusting domain shows up in the trusted domain's PC drop-down list. That is right then?
 
LVL 9

Expert Comment

by:losip
ID: 34085766
No, I don't think so.  The terminology of trusting and trusted can be confusing.  

A workstation that is a member of the trusted domain will only have two places to log in: local and its own (trusted). A workstation in the trusting domain will have three places to log in in the drop-down box: local, its own, and the trusted. Do you get that?

Author Comment

by:Millface
ID: 34085802
Ok so we do have it backwards then I think. Because the trusted domain has the three login areas and the trusting domain does not.
 
LVL 9

Expert Comment

by:losip
ID: 34085837
Yup - trusted domain is where the 'extra' accounts are set up in the AD that can be used at a workstation that's a member of either domain
 
LVL 18

Expert Comment

by:Americom
ID: 34089668
Here's the way to think logically with terminology. The trusting domain is usually the domain that provides resources and is therefore often called the "Resource domain", while the trusted domain is the domain with centralized user accounts and is often called the "Account domain". When we say Domain1 trusts Domain2, it means the resource is in Domain1 for Domain2's user accounts to access. This also means that Domain1 has to trust Domain2 before they allow Domain2 users to access their resources. That is why Microsoft usually says Domain1 trusts Domain2, or Domain2 is being trusted by Domain1.
losip is correct that the trusting domain is the one that should be seeing both domains on the logon screen. Again, it has two domains to log on to because users in the trusting domain can already log on to its own domain in the first place, before the trust is established. Once the trust is configured, on a computer in the trusting domain, even with two domains to log on to, you can ONLY log on to your domain or the local computer. You CANNOT log on to the trusted domain with an account in the trusting domain, as that account does not exist in the trusted domain. You can log on to the trusted domain from a computer in the trusting domain with a user account that is in the trusted domain. That's why the computer in the trusting domain is considered a resource to the user account that is in the trusted domain!
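
To check which way a trust actually points, as discussed in the answers above, the direction can be read from Active Directory. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and `Show-TrustRole` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
# Show-TrustRole is a hypothetical helper name.
Import-Module ActiveDirectory

function Show-TrustRole {
    param(
        # DNS name of the domain to inspect; defaults to the current computer's domain.
        [string]$Domain = (Get-ADDomain).DNSRoot
    )

    foreach ($t in Get-ADTrust -Filter * -Server $Domain) {
        # Direction is reported from the point of view of $Domain.
        switch ("$($t.Direction)") {
            'Outbound' {
                # $Domain trusts the other domain.
                $role   = 'trusting (resource domain)'
                $effect = "Accounts from $($t.Name) can be used on $Domain computers"
            }
            'Inbound' {
                # The other domain trusts $Domain.
                $role   = 'trusted (account domain)'
                $effect = "Accounts from $Domain can be used on $($t.Name) computers"
            }
            'BiDirectional' {
                $role   = 'trusting and trusted'
                $effect = 'Accounts from either domain can be used in the other'
            }
            default {
                $role   = 'none'
                $effect = 'Trust is disabled'
            }
        }

        [pscustomobject]@{
            LocalDomain             = $Domain
            OtherDomain             = $t.Name
            Direction               = $t.Direction
            LocalDomainIs           = $role
            Effect                  = $effect
            SelectiveAuthentication = $t.SelectiveAuthentication
            SidFilteringQuarantined = $t.SIDFilteringQuarantined
        }
    }
}

Show-TrustRole | Format-List
```

Run it against each domain: a correctly built one-way trust reports `Outbound` on the trusting side and `Inbound` on the trusted side. `SelectiveAuthentication` shows whether trusted-domain accounts are limited to the computers where they have been explicitly granted the "Allowed to authenticate" permission.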