Solved

Kerberos - Costrained delegation for CIFS on a server in a subdomain of the same forest

Posted on 2012-12-27
2
531 Views
Last Modified: 2013-01-04
Hello,
Has anyone ever managed to implement costrained delegation for the CIFS service between two subdomains of the same forest?
When I open the service user (delegation tab) in ADUC on the DC, it only allows me to choose computer objects in the same subdomain while my file server is located in a different, trusted, fully accessible subdomain of the same forest.

Any idea?

Thanks,
Roberto.
0
Comment
Question by:martineit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 20

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 38733001
Happy New Year...

According to the following post constrained delegation is not support across forest: http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/c43260a9-6791-4572-a7f2-1547467d89bb

It's recommended to use AD FS instead...

Hope this helps...
0
 
LVL 1

Author Comment

by:martineit
ID: 38744025
Hey,
sorry if it took me a while to answer... Your answer helps as at least confirms my initial suspicion that Kerberos only works intra-domain.
I will try to explore the ADFS way.

Thanks again,
Roberto.
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question