?
Solved

Foreign Security Principals - Active Directory - Basic Question

Posted on 2011-03-08
9
Medium Priority
?
1,732 Views
Last Modified: 2012-05-11
Dear Experts,

In AD, within a domain, there are default folders/containers. There is one called ForeignSecurityPrincipals.

Can someone kindly explain the purpose of this for me in a very nut-shellish approach. I can;t find any good information on the net.

Cheers,
0
Comment
Question by:ouch_mybrain_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 189 total points
ID: 35068226
It contains user accounts from external trusted forests
0
 
LVL 4

Assisted Solution

by:loki_loki
loki_loki earned 186 total points
ID: 35068262
0
 

Author Comment

by:ouch_mybrain_
ID: 35068310
Thanks guys. Now some follow up questions.

Do the accounts replicate/copy from these other trusted forests automatically, or, are the accounts simply shortcuts to data on the foreign domain controller's AD - so if the trusted domain became untrusted, I would be disconnected from the foreign accounts? How much control would I have over these "foreign" accounts - can I administer them?  Hyperthetical situation - can Domain A trust Domain B, but Domain B not trust Domain A?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 70

Expert Comment

by:KCTS
ID: 35068463
You can set up one way external trusts so that Domain A will trust Domain B but not the other way around
see http://technet.microsoft.com/en-us/library/cc961481.aspx
see also
http://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx
0
 

Author Comment

by:ouch_mybrain_
ID: 35069001
KCTS. Just to confirm, Foreign AD accounts will only appear if that domain has trusted you?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35069248
They are from the domain that you trust
0
 

Author Comment

by:ouch_mybrain_
ID: 35069280
It must be a two way thing, otherwise a domain could look at other domains' users without permission?
0
 
LVL 4

Expert Comment

by:loki_loki
ID: 35069369
you can do it one way as KCTS says.  You have to accept a trust from both ends, whether it is one or two way.  Without the trusting domain (A in your example) accepting the trusted domain (B in your example) then B will not be able to look at A.
0
 

Author Closing Comment

by:ouch_mybrain_
ID: 35069425
Thanks
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question