Two-way domain trust for SharePoint access, security implications

Posted on 2012-09-13
Medium Priority
Last Modified: 2012-09-17
I want users in domain B to have access to SharePoint in domain A. I set up a one-way trust for another site for the same scenario to access SharePoint, but there were a number of issues that arose, like timer services and sync. This is simplified when there is a two-way trust.
I am trying to get a handle on what the security implications are for this. Obviously, with a two-way trust, users in domain B now have the option to browse the domain A Active Directory and assign users in domain A access to resources in domain B, but can you tell me what else I need to be concerned about? I have looked at numerous articles on domain trusts, but I would like to get specific answers for this particular scenario. The domain is 2003 to 2008.
Question by:Sid_F
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 38393983
You don't have to use domain/forest-wide authentication for the trust. You can choose "selective authentication" and create a domain group in domain B to allow only this group's members to access resources in domain A.


Author Comment

ID: 38394028
Yes, but for SharePoint this has implications for pulling information from domain B's Active Directory. It's not just giving users in domain B access to SharePoint in domain A. It's also being able to get attributes in domain B and allowing SharePoint to pull these details across to the user profiles sync into SharePoint. Trusts are normally straightforward, but with SharePoint it becomes more complex.

Accepted Solution

Kernel_Recovery_Tools earned 2000 total points
ID: 38398315

Before one begins the domain migration, a number of mandatory requirements need to be in place to complete the migration successfully. Refer to the checklist mentioned in the link - http://www.managered.com/Docs/Active-Directory-Domain-Migration-Checklist-3.pdf

Talking about trust, a domain trust is nothing but a useful way to allow users from a trusted domain to access services in a trusting domain. Regarding trust relationships between domains, I would like to share the following with you for your reference:



Hope this helps.
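
To check which of the settings raised in this thread (trust direction, and the selective authentication mentioned in the first expert comment) are actually in force, the `trustDirection` and `trustAttributes` values stored on the trust's `trustedDomain` object under `CN=System` can be decoded. The following is an added example, not part of the original posts; the function names are hypothetical and the domain names and attribute values are constructed.

```python
# Added example (not from the thread): decode trustedDomain attributes for a trust review.
# Bit values follow the trustDirection / trustAttributes definitions in MS-ADTS.
TRUST_DIRECTION = {0: "disabled", 1: "inbound", 2: "outbound", 3: "bidirectional"}
OUTBOUND = 0x2          # this domain trusts the partner: partner users can log on here
SELECTIVE_AUTH = 0x10   # TRUST_ATTRIBUTE_CROSS_ORGANIZATION
WITHIN_FOREST = 0x20    # TRUST_ATTRIBUTE_WITHIN_FOREST
TRUST_ATTRIBUTES = {
    0x01: "NON_TRANSITIVE",
    0x02: "UPLEVEL_ONLY",
    0x04: "QUARANTINED_DOMAIN",            # SID filtering on
    0x08: "FOREST_TRANSITIVE",
    SELECTIVE_AUTH: "CROSS_ORGANIZATION",  # selective authentication on
    WITHIN_FOREST: "WITHIN_FOREST",
    0x40: "TREAT_AS_EXTERNAL",
    0x80: "USES_RC4_ENCRYPTION",
}

def decode_trust(partner, direction, attributes):
    """Turn the raw integers of one trustedDomain object into readable fields."""
    return {
        "partner": partner,
        "direction": TRUST_DIRECTION.get(direction, "unknown"),
        "partner_can_authenticate_here": bool(direction & OUTBOUND),
        "flags": [name for bit, name in sorted(TRUST_ATTRIBUTES.items()) if attributes & bit],
        "selective_auth": bool(attributes & SELECTIVE_AUTH),
        "within_forest": bool(attributes & WITHIN_FOREST),
    }

def review(trust):
    """Return finding codes for the exposure the thread discusses."""
    if trust["direction"] == "unknown":
        return ["UNKNOWN_DIRECTION"]
    findings = []
    if trust["direction"] == "bidirectional":
        findings.append("TWO_WAY")  # each side can grant the other's accounts access
    # Selective authentication only applies to external and forest trusts.
    if (trust["partner_can_authenticate_here"] and not trust["within_forest"]
            and not trust["selective_auth"]):
        # Any partner account can authenticate to any host here (ACLs still apply).
        findings.append("DOMAIN_WIDE_AUTH")
    return findings

# Constructed sample values, as they would look when read from domain A.
SAMPLE = [
    ("domainB.example", 3, 0x04),  # two-way, SID filtering on, domain-wide authentication
    ("domainB.example", 3, 0x14),  # two-way with selective authentication
    ("branch.example", 1, 0x00),   # inbound only: the partner trusts this domain
]

if __name__ == "__main__":
    for row in SAMPLE:
        t = decode_trust(*row)
        print(t["partner"], t["direction"], t["flags"], review(t))
```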

