?
Solved

understanding domian trusts

Posted on 2012-09-02
7
Medium Priority
?
682 Views
Last Modified: 2012-09-03
i need to setup a new domain called domain c
domain c will consist of 100 users
but i have some users who belong to domain A who will need to access domain c for file server data etc and some users from domain  B who will need to access domain c
only some users from domain A & B may access domain c and the main users who are only on domain C may not access anything from Domain A or B
How can i achieve this?
0
Comment
Question by:dougdog
7 Comments
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 38358772
Either setup trusts and group permissions between the domains or add the users with the the same username and password using existing group permissions.  I prefer using trusts between the domains because they are easier to modify or remove.
0
 

Author Comment

by:dougdog
ID: 38358782
what type of trusts should i use
0
 

Author Comment

by:dougdog
ID: 38358786
can i be sure the users that should only see domain c will not see domain a or b
also the users that are alreadyt joined to domain a & b can they remain this way or do i need to disjoin them and join them to domain c
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 38358797
Yes.  If the trust is one way exists only with c.   No need to change existing configuration, you are only adding information.
0
 
LVL 18

Assisted Solution

by:Sushil Sonawane
Sushil Sonawane earned 1000 total points
ID: 38358907
Create the external trust with domain C and make direction one-way (A domain user can able to access domin C and same B domain also)

Ex.

A === C (External Trust Nontransitive One-way)
B === C (External Trust Nontransitive One-way)
A====B (External Trust Transitive Two-way) OR (Forest trust Transitive Two-way)



Please refer below article:

1) Trust types

(http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx)

2) Trust transitivity
(http://technet.microsoft.com/en-us/library/cc775736(v=ws.10).aspx)

3 ) Creating External Trusts

http://technet.microsoft.com/en-us/library/cc728307(v=ws.10).aspx

4) Creating Forest Trusts

http://technet.microsoft.com/en-us/library/cc776940(v=ws.10).aspx
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 38359026
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1000 total points
ID: 38359982
Hm, if you have Windows Server 2003 or above, I would use standard trust instead of external.

And follow this way:

1) Create conditional forwarding for DNS name resolution in each domain
2) In domain A create one-way outgoing trust to domain C (domain wide authentication or Selectivew authentication)
3) In domain B create one-way outgoing trust to domain C (domain wide authentication or Selectivew authentication)
4) in domain C create one-way incoming trust for domain A and domain B (domain wide authentication or Selectivew authentication)

to be able to do that you need Enterprise Administrator account in each forest

should work fine

Regards,
Krzysztof
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question