Solved

Risks and caveats when setting up multiple AD domain trusts?

Posted on 2015-02-15
Last Modified: 2015-02-26
Hi,

Can anyone please share the caveats or the risks when setting up the AD trust between my current AD domain and approximately 20+ different AD domains in separate site offices?

I need to know before setting up the two way AD trust through the AD sites and trust console.

Thanks.
7 Comments
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40610637
The reason there are so many AD domains to be joined is that my senior IT management told me to add the site office AD into the current parent company AD.

Because when the site office is closed or bought by another company, we don't have to spend too much time setting up the AD domain again to get it running again.

So the idea here is to be able to tell the users in each of the site offices to use the PARENTCOMPANY.com\Username account to log in to their workstation.

The Exchange Server access has been provided to the site office user when they access it through the terminal server.
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40611001
If you have a two-way forest trust between domains, this allows users from the opposing forest to use and access resources in the other trusted forest. This is also a transitive trust, which means if you create a two-way forest trust, any child domains in the forest will also inherit this trust.

You can also use Selective Authentication to restrict what users/computers can be accessible from the trusted forest. This would be the best method to ensure that you are locking down your objects and not allowing everyone from the trusted forest to access resources.

Selective Authentication
https://technet.microsoft.com/en-us/library/cc758152(v=ws.10).aspx

Will.
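
One way to review the settings this answer mentions (direction, transitivity, Selective Authentication) across the trusts a domain already holds. This is an added example, not part of the original answer; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and `parentcompany.example` and the function name are placeholders:

```powershell
# Added example: list every trust held by a domain and flag the settings
# discussed above. Read-only; it changes nothing in the directory.
Import-Module ActiveDirectory

function Get-TrustReview {
    param(
        # Assumption: placeholder domain name, replace with your own.
        [string]$Server = 'parentcompany.example'
    )

    Get-ADTrust -Filter * -Server $Server | ForEach-Object {
        $findings = @()

        # A two-way trust lets each side authenticate to the other.
        if ($_.Direction -eq 'BiDirectional') {
            $findings += 'two-way: confirm both directions are required'
        }

        # Outbound (or two-way) means this domain is the trusting side,
        # so users from the other domain can authenticate here. Without
        # Selective Authentication they can reach any resource whose ACL
        # permits them (domain-wide authentication).
        if ($_.Direction -in @('Outbound', 'BiDirectional') -and
            -not $_.SelectiveAuthentication) {
            $findings += 'trusting side without Selective Authentication'
        }

        # A forest trust is transitive to the child domains of the forest.
        if ($_.ForestTransitive) {
            $findings += 'forest-transitive: child domains are included'
        }

        [pscustomobject]@{
            Trust                   = $_.Name
            Direction               = $_.Direction
            ForestTransitive        = $_.ForestTransitive
            SelectiveAuthentication = $_.SelectiveAuthentication
            Findings                = $findings -join '; '
        }
    }
}

# Show only the trusts that need a closer look.
Get-TrustReview | Where-Object Findings | Format-Table -AutoSize -Wrap
```

With 20+ trusts, running this after each new trust is created gives a quick record of which ones still use domain-wide authentication.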
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40611330
Ah cool,

That does make sense. So in this case I just need to allow the users in the site offices to log in using ParentCompanyAD.com\User, so I guess I will have to set the one-way trust from each of the site office DCs to the parent company AD through the "Active Directory Sites and Services" console.

Is that correct?

In that way the user in the head office shouldn't be confused by too many drop-downs to select the AD domain during the logon process.
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 2000 total points
ID: 40611535
Yes, that is correct. One-way trust is exactly what it states. Users for the trusted site can log in to the trusting site. This would suffice for what you're trying to accomplish.

Will.
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40611653
Thanks Will,

But what happens if the Site Office AD domain name is the same, or if the same AD domain name already exists?

Do I have to rename the AD domain first before establishing trust from the Site office before trusting it with the parent Company AD?
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 2000 total points
ID: 40614798
To be completely honest, I have never run into something like this. I would expect that you would not have to rename the domain because both domains have different unique GUIDs. It just might be confusing for humans when looking at the names in the Trust window. "domaina.com has a trust with domaina.com" could get confusing.

Will.
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40634574
Thanks Will!