Solved

Foreign Security Principals - Active Directory - Basic Question

Posted on 2011-03-08
Last Modified: 2012-05-11
Dear Experts,

In AD, within a domain, there are default folders/containers. There is one called ForeignSecurityPrincipals.

Can someone kindly explain the purpose of this for me in a very nut-shellish approach? I can't find any good information on the net.

Cheers,
0
Question by:ouch_mybrain_
9 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 63 total points
ID: 35068226
It contains user accounts from external trusted forests
0
 
LVL 4

Assisted Solution

by:loki_loki
loki_loki earned 62 total points
ID: 35068262
0
 

Author Comment

by:ouch_mybrain_
ID: 35068310
Thanks guys. Now some follow up questions.

Do the accounts replicate/copy from these other trusted forests automatically, or, are the accounts simply shortcuts to data on the foreign domain controller's AD - so if the trusted domain became untrusted, I would be disconnected from the foreign accounts? How much control would I have over these "foreign" accounts - can I administer them? Hypothetical situation - can Domain A trust Domain B, but Domain B not trust Domain A?
0

 
LVL 70

Expert Comment

by:KCTS
ID: 35068463
You can set up one-way external trusts so that Domain A will trust Domain B but not the other way around.
See http://technet.microsoft.com/en-us/library/cc961481.aspx
See also http://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx
0
 

Author Comment

by:ouch_mybrain_
ID: 35069001
KCTS. Just to confirm, Foreign AD accounts will only appear if that domain has trusted you?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 35069248
They are from the domain that you trust
0
 

Author Comment

by:ouch_mybrain_
ID: 35069280
It must be a two way thing, otherwise a domain could look at other domains' users without permission?
0
 
LVL 4

Expert Comment

by:loki_loki
ID: 35069369
You can do it one way as KCTS says. You have to accept a trust from both ends, whether it is one or two way. Without the trusting domain (A in your example) accepting the trusted domain (B in your example) then B will not be able to look at A.
0
 

Author Closing Comment

by:ouch_mybrain_
ID: 35069425
Thanks
0
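
An added example, not part of the original thread: objects in the ForeignSecurityPrincipals container are placeholders named after the SID of a principal from outside the domain, created when that principal is added to a group in this domain. The PowerShell below audits them alongside the domain's trusts. It assumes the ActiveDirectory (RSAT) module and read access to the current domain; the output column names are illustrative.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) and a session
# with read access to the current domain.
Import-Module ActiveDirectory

# Trusts as seen from this domain. Direction shows whether the trust is
# one-way (Inbound or Outbound) or two-way (BiDirectional).
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType |
    Format-Table -AutoSize

# Every foreignSecurityPrincipal object, with the groups it has been added to.
$report = Get-ADObject -Filter "objectClass -eq 'foreignSecurityPrincipal'" `
                       -Properties objectSid, memberOf |
    ForEach-Object {
        $sid = $_.objectSid   # returned as a SecurityIdentifier by the AD module
        try {
            # Resolution goes to the domain that owns the SID, across the trust.
            $name   = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $status = 'Resolved'
        }
        catch {
            # Typical causes: the trust was removed, the trusted domain is
            # unreachable, or the foreign account was deleted.
            $name   = $null
            $status = 'Unresolved'
        }

        [pscustomobject]@{
            Sid          = $sid.Value
            ResolvedName = $name
            Status       = $status
            # Domain accounts have SIDs starting S-1-5-21-; anything else is a
            # well-known principal such as Authenticated Users (S-1-5-11).
            DomainSid    = $sid.Value.StartsWith('S-1-5-21-')
            MemberOf     = $_.memberOf -join '; '
        }
    }

# Unresolved entries that still sit in groups are the ones to review first.
$report | Sort-Object Status, Sid | Format-Table -AutoSize -Wrap
```

An unresolved entry that still has group memberships is a stale grant: the placeholder and its membership stay in this domain even though the SID can no longer be mapped to an account.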
