Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Foreign Security Principals - Active Directory - Basic Question

Posted on 2011-03-08
9
1,714 Views
Last Modified: 2012-05-11
Dear Experts,

In AD, within a domain, there are default folders/containers. There is one called ForeignSecurityPrincipals.

Can someone kindly explain the purpose of this for me in a very nut-shellish approach. I can;t find any good information on the net.

Cheers,
0
Comment
Question by:ouch_mybrain_
  • 4
  • 3
  • 2
9 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 63 total points
ID: 35068226
It contains user accounts from external trusted forests
0
 
LVL 4

Assisted Solution

by:loki_loki
loki_loki earned 62 total points
ID: 35068262
0
 

Author Comment

by:ouch_mybrain_
ID: 35068310
Thanks guys. Now some follow up questions.

Do the accounts replicate/copy from these other trusted forests automatically, or, are the accounts simply shortcuts to data on the foreign domain controller's AD - so if the trusted domain became untrusted, I would be disconnected from the foreign accounts? How much control would I have over these "foreign" accounts - can I administer them?  Hyperthetical situation - can Domain A trust Domain B, but Domain B not trust Domain A?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 70

Expert Comment

by:KCTS
ID: 35068463
You can set up one way external trusts so that Domain A will trust Domain B but not the other way around
see http://technet.microsoft.com/en-us/library/cc961481.aspx
see also
http://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx
0
 

Author Comment

by:ouch_mybrain_
ID: 35069001
KCTS. Just to confirm, Foreign AD accounts will only appear if that domain has trusted you?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35069248
They are from the domain that you trust
0
 

Author Comment

by:ouch_mybrain_
ID: 35069280
It must be a two way thing, otherwise a domain could look at other domains' users without permission?
0
 
LVL 4

Expert Comment

by:loki_loki
ID: 35069369
you can do it one way as KCTS says.  You have to accept a trust from both ends, whether it is one or two way.  Without the trusting domain (A in your example) accepting the trusted domain (B in your example) then B will not be able to look at A.
0
 

Author Closing Comment

by:ouch_mybrain_
ID: 35069425
Thanks
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question