Two-way domain trust for SharePoint access, security implications

I want users in domain B to have access to SharePoint in domain A. I set up a one-way trust for another site for the same scenario to access SharePoint, but there were a number of issues that arose, like timer services and sync. This is simplified when there is a two-way trust.
I am trying to get a handle on what the security implications are for this. Obviously, with a two-way trust, users in domain B now have the option to browse the domain A Active Directory and assign users in domain A access to resources in domain B, but can you tell me what else I need to be concerned about? I have looked at numerous articles on domain trusts, but I would like to get specific answers for this particular scenario. The domain is 2003 to 2008.
Sid_F Asked:
 
Kernel_Recovery_Tools Commented:
Hi,

Before one begins the domain migration, a number of mandatory requirements need to be in place to complete the migration successfully. Refer to the checklist mentioned in the link - http://www.managered.com/Docs/Active-Directory-Domain-Migration-Checklist-3.pdf

Talking about trust, a domain trust is nothing but a useful way to allow users from a trusted domain to access services in a trusting domain. Regarding the trust relationship between domains, I would like to share the following with you for your reference:

http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp?topic=%2Fcom.ibm.db2.udb.admin.doc%2Fdoc%2Fc0008874.htm

Hope this helps.

 Thanks
 
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
You don't have to use domain/forest-wide authentication for the trust. You can choose "selective authentication" and create a domain group in domain B to allow only this group's members to access resources in domain A.

Regards,
Krzysztof
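Added example, not part of the thread: one way to apply the selective authentication suggested above with the `netdom` and `dsacls` tools, run from PowerShell on a domain A administrative host. Every domain, group and host name is a hypothetical placeholder, and the sketch assumes the account running it may modify the trust and the listed computer objects, and that the SharePoint services run under those computer accounts (a service running as a user account would need the same right granted on that account object).

```powershell
# Added example. All names below are hypothetical placeholders, not values from the thread.
$TrustingDomain  = 'domainA.example'      # domain A: hosts SharePoint, trusts domain B
$TrustedDomain   = 'domainB.example'      # domain B: where the users live
$AccessGroup     = 'DOMAINB\SP-Access'    # group created in domain B for SharePoint users
$SharePointHosts = @(                     # computer objects in domain A to open up
    'CN=SPWEB01,OU=SharePoint,DC=domainA,DC=example',
    'CN=SPAPP01,OU=SharePoint,DC=domainA,DC=example'
)

# 1. Switch the "A trusts B" direction from domain-wide to selective authentication.
#    After this, domain B accounts can authenticate only to domain A objects on which
#    they hold the 'Allowed to Authenticate' right.
netdom trust $TrustingDomain "/domain:$TrustedDomain" /SelectiveAUTH:yes
if ($LASTEXITCODE -ne 0) { throw "netdom exited with code $LASTEXITCODE" }

# 2. Grant 'Allowed to Authenticate' (a control-access right, 'CA' in dsacls syntax)
#    to the domain B group on the SharePoint hosts only, nothing else in domain A.
foreach ($dn in $SharePointHosts) {
    dsacls $dn /G "${AccessGroup}:CA;Allowed to Authenticate"
    if ($LASTEXITCODE -ne 0) { throw "dsacls exited with code $LASTEXITCODE on $dn" }
}

# 3. Review: list every trustee holding the right on each host, so unexpected
#    grants stand out and a missing grant for the access group is reported.
foreach ($dn in $SharePointHosts) {
    $aces = @(dsacls $dn | Select-String -SimpleMatch 'Allowed to Authenticate')
    Write-Output "== $dn"
    $aces | ForEach-Object { Write-Output ("   " + $_.Line.Trim()) }
    if (-not ($aces | Where-Object { $_.Line -like "*$AccessGroup*" })) {
        Write-Warning "$AccessGroup does not hold 'Allowed to Authenticate' on $dn"
    }
}
```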
 
Sid_F, Author, Commented:
Yes, but for SharePoint this has implications for pulling information from domain B's Active Directory. It's not just giving users in domain B access to SharePoint in domain A. It's also being able to get attributes in domain B and allowing SharePoint to pull these details across to the user profiles sync into SharePoint. Trusts are normally straightforward, but with SharePoint it becomes more complex.
Question has a verified solution.