[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 524
  • Last Modified:

Resource forest- dependencies / issues / risks

Due to a merger a service provider wants to implement a resource forest connected with an external, transistive trust to the newly created forest to retain administrative rights on application servers residing in the resource forest on his part of the serviced infrastructure, whilst the new forest gets managed by another service provider. User accounts are managed in the new forest. Does anybody have experience in regards to dependencies / issues / risks e.g. with applications? (Sharepoint, CAD Teamcenter, Saperion,...) What about SSO cross domains?
Thanks for your input
0
PatWayne
Asked:
PatWayne
1 Solution
 
Netman66Commented:
Just make sure you have Selective Authentication enabled on your inbound trust so you can control exactly who has access and to what in your own forest.

Because a simple forest root trust is transitive within the domains in the forest, you need to make sure you do this or you expose a lot to the other party.

Once Selective Authentication is enabled on that inbound trust you have to manually give permissions to anything the other forest security principals require.

You also need to add the ACL of "Allowed to Authenticate" to the principal on the resource to allow access - as well as the proper NTFS permissions.  It's kind of like adding a share permission layer only with Authentication rather than permission.

You can read up a little here:
http://technet.microsoft.com/en-us/library/cc794747(v=ws.10).aspx
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now