Authentication flow in domains with Trust established

Posted on 2011-10-18
Last Modified: 2012-05-12
 We have several trust established between our domain and others. The question has been asked as to what server is a user authenticating against when logging into a trusted domain? In other words; say you have Domain A and Domain B. Domain A is in Dallas and Domain B is in Ft. Worth. There is a two way trust established. A user in Dallas is logging into Domain B from thier workstation- Does the users credentials go to the DC in Dallas then get passed to the DC in Ft. Worth or does it bypass the DC in Dallas and goes straight to the DC in Ft. Worth?
Question by:Nativtexan
    LVL 59

    Accepted Solution

    Where ever the Domain Controllers for the domain the user is logging too this is where the user will logon.

    For example, Domain A user is located on Domain B's physical network the Domain A user will have to authenticate to a Domain A Domain Controller. Domain A users CAN NOT authenticate to Domain A through a Domain B Domain Controller.

    Domain Trusts are setup for accesses to resources across multiple logical domains. You must think of a Domain logically not physically.
    LVL 70

    Expert Comment

    It depends - If the user is on one domain and they are logging onto a machine in another then normally authentication is passed all the way up to the forest root and then all the way back down the other side.

    You can implement a shortcut trust directly between two domains to by-pass this though

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now