• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1135
  • Last Modified:

Forest Trust vs ADFS

My manager has asked me to document what would be needed to connect to another companies Windows domain during an acquisition from a high level point of view.

We current have a Windows 2008R2 domain with 7 DC's. If we took on another company I am thinking a transitive trust so resources could be accessed on both sides along with setting site GP's...again ( lots more to this of course)

 One on my coworkers stated that we should use ADFS which we do have but I stated that ADFS uses a different authentication model SAML and would not support managing workstations and servers via GP... Is my statement correct? If so can you point me to a document I should show them.

Any other items I should be aware of when merger another company using a trust???
1 Solution
Ganesamoorthy STech LeadCommented:
ADFS is not the replacement of AD Trust, ADFS used for web/cloud based applications
for your requirement you have to use AD Trust
compdigit44Author Commented:
Thanks so my understanding was correct then.. Can you point me to any documentation that states this so I can show my coworker and thay ADFS does not support Group Policy of devices

His reason is the once we upgrade the forest and domain level to 2012 R2 ADFS will support computer account authentican making trust a thing of the past which I do not think I right
ADFS is used for giving access to web based applications. If you want to look at it this way.

ADFS is used with web applications/services via SAML. Token based authentication.
AD trusts use Kerberos or NTLM for authentication.

Look here for info from MS: https://technet.microsoft.com/en-us/library/hh831502(v=ws.11).aspx.

ADFS will not allow you to set policy on devices in another forest. Neither will a forest trust. Each forest and domain within a forest are their own administrative boundaries.

Scenario where you would use a trust:

Giving users in foresta access to servers/printers in forestb.

Scenario where you would use ADFS:

Exposing a web application to the Internet so that users can log into it from home.
Single sign-on to Office 365.
And so on.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now