• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 571
  • Last Modified:

Kerberos - Costrained delegation for CIFS on a server in a subdomain of the same forest

Hello,
Has anyone ever managed to implement costrained delegation for the CIFS service between two subdomains of the same forest?
When I open the service user (delegation tab) in ADUC on the DC, it only allows me to choose computer objects in the same subdomain while my file server is located in a different, trusted, fully accessible subdomain of the same forest.

Any idea?

Thanks,
Roberto.
0
martineit
Asked:
martineit
1 Solution
 
compdigit44Commented:
Happy New Year...

According to the following post constrained delegation is not support across forest: http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/c43260a9-6791-4572-a7f2-1547467d89bb

It's recommended to use AD FS instead...

Hope this helps...
0
 
martineitAuthor Commented:
Hey,
sorry if it took me a while to answer... Your answer helps as at least confirms my initial suspicion that Kerberos only works intra-domain.
I will try to explore the ADFS way.

Thanks again,
Roberto.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now