Solved

Kerberos - Costrained delegation for CIFS on a server in a subdomain of the same forest

Posted on 2012-12-27
2
497 Views
Last Modified: 2013-01-04
Hello,
Has anyone ever managed to implement costrained delegation for the CIFS service between two subdomains of the same forest?
When I open the service user (delegation tab) in ADUC on the DC, it only allows me to choose computer objects in the same subdomain while my file server is located in a different, trusted, fully accessible subdomain of the same forest.

Any idea?

Thanks,
Roberto.
0
Comment
Question by:martineit
2 Comments
 
LVL 19

Accepted Solution

by:
compdigit44 earned 500 total points
ID: 38733001
Happy New Year...

According to the following post constrained delegation is not support across forest: http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/c43260a9-6791-4572-a7f2-1547467d89bb

It's recommended to use AD FS instead...

Hope this helps...
0
 
LVL 1

Author Comment

by:martineit
ID: 38744025
Hey,
sorry if it took me a while to answer... Your answer helps as at least confirms my initial suspicion that Kerberos only works intra-domain.
I will try to explore the ADFS way.

Thanks again,
Roberto.
0

Join & Write a Comment

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now