trust in Window

What's the different between outgoing trust and incoming trust under Window server ?

Tks
AXISHKAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TemodyPickalbatros, IT ManagerCommented:
It's different between traffic as source or destination
So you can block or allow your server to listen to specific port or ip
Or allow other network devices to listen also to your server
So you can block traffic from your server to port 123
And allow it from your network to server
0
AXISHKAuthor Commented:
I'm talking about this setting.
Trust.png
0
Kash2nd Line EngineerCommented:
in simple words, its a ONE way or TWO way relationship.

If you have just setup Incoming trust then this means incoming connections are being trusted etc and Outgoing means same other way around.



    Incoming Trust: With incoming trust, the trust is created in the trusted domain and users in the trusted domain are able to access network resources in the trusting domain or other domain. Users in the other domain cannot however access network resources in the trusted domain.
    Outgoing Trust: In this case, users in the other domain can access network resources in the initiating domain. Users in the initiating domain are not able to access any resources in the other domain.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

AXISHKAuthor Commented:
still cannot get it, any example?
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Look at it this way, the direction of the trust is the opposite of the access.  Trusting domain will allow users from trusted domain, which means the direction of the trust will be from trusting domain to trusted domain.
0
AXISHKAuthor Commented:
Suppose two domain,  DomainA  and DomainB

For user in DomainA can access resource (File, Exchange, SQL server) in Domain B but not in reverse way, what should I configure for incoming/outoging trust for DC in DomainA and Domain B respectively ?

Tks
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Trust will go from Domain B to Domain A.  Domain B will the trusting Domain and Domain A will be the trusted Domain.
0
Jeff GloverSr. Systems AdministratorCommented:
Outgoing trust (top one) users in the specified domain can be given access to resources in this domain
Incoming trust (bottom one). Users in this domain can be given access to resources in that domain.

 If you set an incoming trust from a remote domain, then users from your domain can logon to workstations in the remote domain and you can add them to NTFS and share permissions in the other domain.
0
AXISHKAuthor Commented:
On Domain A server (Top)
Outgoing trust  : Domain B

On Domain B server (Bottom)
Incoming trust : Domain B

Is it correct ?

Tks
0
Jeff GloverSr. Systems AdministratorCommented:
Close.
On Domain A server
Outgoing trust: Domain B
Domain B users can be given access to resources in Domain A. So a User from domain B could logon physically to a PC in Domain A using either their UPN login or domain B\Username. Users from Domain B can be added to domain local groups in Domain A to access resources.

On Domain B server
Incoming Trust : Domain A.
 Means the same thing. Basically your users in Domain B can access Domain A resources but not vice versa.
This is called a One way trust. Has been basically the same since NT 4.

If you have both an incoming and outgoing trust to the same domain, then it is a two way trust.  AD forests add Two way transitive trusts automatically between domains. This way, users can logon to any workstation in the forest.
Hope this helps
0
AXISHKAuthor Commented:
Is there any typo mistake ? I need Domain user A to access resource in Domain B but not in the other way.

 On Domain A server
 Outgoing trust: Domain B
 Domain B users can be given access to resources in Domain A. So a User from domain B could logon physically to a PC in Domain A using either their UPN login or domain B\Username. Users from Domain B can be added to domain local groups in Domain A to access resources.
0
Rakesh KapoorCommented:
I'll try to explain the same in simple language. If you are trusting your friend then it's an incoming trust for your friend and it's an outgoing trust for you.

More over if you are trusting your friend then he can access your resources however you cannot access his resources because it's only one way and not both the ways..

Hope it's clear. More articles are available on http://www.itingredients.com
0
AXISHKAuthor Commented:
So, is the setting correct, tks

For user in DomainA can access resource (File, Exchange, SQL server) in Domain B but not in reverse way :

On Domain A server (Top)
 Outgoing trust  : Domain B

 On Domain B server (Bottom)
 Incoming trust : Domain B
0
Rakesh KapoorCommented:
It's simple, if Domain A is trusting Domain B then it's an incoming trust for Domain B and outgoing to Domain A.

In this scenario, Domain B can access resources of Domain A but Domain A cannot access resources of Domain B.
0
AXISHKAuthor Commented:
For user in DomainA can access resource (File, Exchange, SQL server) in Domain B but not in reverse way

What should I put on the attached two files ? Tks
DomainA-Server.png
DomainB-Server.png
0
Kash2nd Line EngineerCommented:
put IP of server in domain B to Trust in domain A
0
AXISHKAuthor Commented:
0
Rakesh KapoorCommented:
Looks good to me..!!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AXISHKAuthor Commented:
Tks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.