Solved

Foreign Security Principals - Active Directory - Basic Question

Posted on 2011-03-08
Last Modified: 2012-05-11
Dear Experts,

In AD, within a domain, there are default folders/containers. There is one called ForeignSecurityPrincipals.

Can someone kindly explain the purpose of this for me in a very nut-shellish approach? I can't find any good information on the net.

Cheers,
0
Question by:ouch_mybrain_
 
LVL 70

Accepted Solution

by:
KCTS earned 63 total points
ID: 35068226
It contains user accounts from external trusted forests.
0
 
LVL 4

Assisted Solution

by:loki_loki
loki_loki earned 62 total points
ID: 35068262
0
 

Author Comment

by:ouch_mybrain_
ID: 35068310
Thanks guys. Now some follow up questions.

Do the accounts replicate/copy from these other trusted forests automatically, or, are the accounts simply shortcuts to data on the foreign domain controller's AD - so if the trusted domain became untrusted, I would be disconnected from the foreign accounts? How much control would I have over these "foreign" accounts - can I administer them? Hypothetical situation - can Domain A trust Domain B, but Domain B not trust Domain A?
0

 
LVL 70

Expert Comment

by:KCTS
ID: 35068463
You can set up one-way external trusts so that Domain A will trust Domain B but not the other way around.
See http://technet.microsoft.com/en-us/library/cc961481.aspx
See also
http://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx
0
 

Author Comment

by:ouch_mybrain_
ID: 35069001
KCTS. Just to confirm, Foreign AD accounts will only appear if that domain has trusted you?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35069248
They are from the domain that you trust
0
 

Author Comment

by:ouch_mybrain_
ID: 35069280
It must be a two way thing, otherwise a domain could look at other domains' users without permission?
0
 
LVL 4

Expert Comment

by:loki_loki
ID: 35069369
You can do it one way, as KCTS says. You have to accept a trust from both ends, whether it is one or two way. Without the trusting domain (A in your example) accepting the trusted domain (B in your example) then B will not be able to look at A.
0
 

Author Closing Comment

by:ouch_mybrain_
ID: 35069425
Thanks
0
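
An audit of the ForeignSecurityPrincipals container discussed in this thread, added here as an example and not posted by any participant. It lists each object in the container (the objects are named by the SID of the foreign account), tries to resolve the SID to a name, and shows which local groups the object belongs to. It assumes the ActiveDirectory PowerShell module is installed and is run by an account that can read the domain.

```powershell
# Added example: audit CN=ForeignSecurityPrincipals in the current domain.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$query = @{
    SearchBase  = "CN=ForeignSecurityPrincipals,$domainDn"
    SearchScope = 'OneLevel'
    LDAPFilter  = '(objectClass=foreignSecurityPrincipal)'
    Properties  = 'objectSid', 'memberOf', 'whenCreated'
}

$report = Get-ADObject @query | ForEach-Object {
    $sid = $_.objectSid   # returned as a SecurityIdentifier by the AD module
    try {
        # Resolution goes through the trust (or locally for well-known SIDs
        # such as S-1-5-11, Authenticated Users).
        $name     = $sid.Translate([System.Security.Principal.NTAccount]).Value
        $resolved = $true
    } catch {
        # Not resolvable from this machine: the trust was removed, the foreign
        # account was deleted, or the foreign domain controller is unreachable.
        $name     = $null
        $resolved = $false
    }
    [pscustomobject]@{
        Sid          = $sid.Value
        ResolvedName = $name
        Resolved     = $resolved
        WhenCreated  = $_.whenCreated
        GroupCount   = @($_.memberOf).Count
        MemberOf     = @($_.memberOf) -join '; '
    }
}

# Full inventory: which foreign principals exist and what they are members of.
$report | Sort-Object Resolved, Sid |
    Format-Table Sid, ResolvedName, GroupCount, WhenCreated -AutoSize

# Review list: unresolved SIDs that still hold group memberships in this domain.
$report | Where-Object { -not $_.Resolved -and $_.GroupCount -gt 0 } |
    Format-List Sid, WhenCreated, MemberOf
```

An unresolved entry is a prompt to check the trust and the group membership, not proof that the account is gone, since name resolution depends on reaching the foreign domain at the time the script runs.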
