Authentication flow in domains with Trust established

Posted on 2011-10-18
Medium Priority
Last Modified: 2012-05-12
 We have several trust established between our domain and others. The question has been asked as to what server is a user authenticating against when logging into a trusted domain? In other words; say you have Domain A and Domain B. Domain A is in Dallas and Domain B is in Ft. Worth. There is a two way trust established. A user in Dallas is logging into Domain B from thier workstation- Does the users credentials go to the DC in Dallas then get passed to the DC in Ft. Worth or does it bypass the DC in Dallas and goes straight to the DC in Ft. Worth?
Question by:Nativtexan
LVL 59

Accepted Solution

Darius Ghassem earned 2000 total points
ID: 36986045
Where ever the Domain Controllers for the domain the user is logging too this is where the user will logon.

For example, Domain A user is located on Domain B's physical network the Domain A user will have to authenticate to a Domain A Domain Controller. Domain A users CAN NOT authenticate to Domain A through a Domain B Domain Controller.

Domain Trusts are setup for accesses to resources across multiple logical domains. You must think of a Domain logically not physically.
LVL 70

Expert Comment

ID: 36986195
It depends - If the user is on one domain and they are logging onto a machine in another then normally authentication is passed all the way up to the forest root and then all the way back down the other side.

You can implement a shortcut trust directly between two domains to by-pass this though

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question