Solved

Foreign Security Principals - Active Directory - Basic Question

Posted on 2011-03-08
Last Modified: 2012-05-11
Dear Experts,

In AD, within a domain, there are default folders/containers. There is one called ForeignSecurityPrincipals.

Can someone kindly explain the purpose of this for me in a very nut-shellish approach? I can't find any good information on the net.

Cheers,
0
Question by:ouch_mybrain_
 
LVL 70

Accepted Solution

by:
KCTS earned 63 total points
ID: 35068226
It contains user accounts from external trusted forests
0
 
LVL 4

Assisted Solution

by:loki_loki
loki_loki earned 62 total points
ID: 35068262
0
 

Author Comment

by:ouch_mybrain_
ID: 35068310
Thanks guys. Now some follow up questions.

Do the accounts replicate/copy from these other trusted forests automatically, or are the accounts simply shortcuts to data on the foreign domain controller's AD - so if the trusted domain became untrusted, I would be disconnected from the foreign accounts? How much control would I have over these "foreign" accounts - can I administer them? Hypothetical situation - can Domain A trust Domain B, but Domain B not trust Domain A?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35068463
You can set up one-way external trusts so that Domain A will trust Domain B but not the other way around.
See http://technet.microsoft.com/en-us/library/cc961481.aspx
See also
http://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx
0

Author Comment

by:ouch_mybrain_
ID: 35069001
KCTS. Just to confirm, Foreign AD accounts will only appear if that domain has trusted you?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35069248
They are from the domain that you trust
0
 

Author Comment

by:ouch_mybrain_
ID: 35069280
It must be a two way thing, otherwise a domain could look at other domains' users without permission?
0
 
LVL 4

Expert Comment

by:loki_loki
ID: 35069369
You can do it one way, as KCTS says. You have to accept a trust from both ends, whether it is one or two way. Without the trusting domain (A in your example) accepting the trusted domain (B in your example), B will not be able to look at A.
0
 

Author Closing Comment

by:ouch_mybrain_
ID: 35069425
Thanks
0
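
An added example, not part of the original thread: each object in the ForeignSecurityPrincipals container is named after the SID of the principal it stands in for, so an exported list of their DNs can be checked against the domains this domain currently trusts. The DNs, domain names and SIDs below are constructed sample values, and `classify_fsp` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample data (not from the thread): DNs as they would appear in
# an export of CN=ForeignSecurityPrincipals. The CN of each object is a SID.
SAMPLE_FSP_DNS = [
    "CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=a,DC=example",
    "CN=S-1-5-21-1111111111-2222222222-3333333333-1105,"
    "CN=ForeignSecurityPrincipals,DC=a,DC=example",
    "CN=S-1-5-21-4444444444-5555555555-6666666666-1210,"
    "CN=ForeignSecurityPrincipals,DC=a,DC=example",
]
# Constructed: domain SIDs of the domains that this domain currently trusts.
TRUSTED_DOMAIN_SIDS = {"S-1-5-21-1111111111-2222222222-3333333333": "b.example"}

DN_RE = re.compile(r"^CN=(S-1-\d+(?:-\d+)+),CN=ForeignSecurityPrincipals,", re.I)


def classify_fsp(dn, trusted=TRUSTED_DOMAIN_SIDS):
    """Return (sid, category, source) for one foreignSecurityPrincipal DN."""
    m = DN_RE.match(dn)
    if not m:
        raise ValueError(f"not a foreignSecurityPrincipal DN: {dn!r}")
    sid = m.group(1).upper()
    parts = sid.split("-")
    # Domain account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID> (8 fields);
    # dropping the RID leaves the SID of the issuing domain.
    if parts[:4] == ["S", "1", "5", "21"] and len(parts) == 8:
        domain_sid = "-".join(parts[:7])
        if domain_sid in trusted:
            return sid, "trusted-domain", trusted[domain_sid]
        # No matching trust: the trust was removed or the trust list is stale.
        return sid, "unknown-domain", domain_sid
    # Anything else (for example S-1-5-11) is a well-known SID with no domain.
    return sid, "well-known", None


def audit(dns, trusted=TRUSTED_DOMAIN_SIDS):
    """Group FSP SIDs by category so unknown-domain entries stand out."""
    report = {"well-known": [], "trusted-domain": [], "unknown-domain": []}
    for dn in dns:
        sid, category, _ = classify_fsp(dn, trusted)
        report[category].append(sid)
    return report


if __name__ == "__main__":
    for dn in SAMPLE_FSP_DNS:
        print(classify_fsp(dn))
```

Entries reported as `unknown-domain` are the ones to review when checking which groups still grant access to principals from a domain that is no longer trusted.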

Question has a verified solution.
