Solved

Forest Trust vs ADFS

Posted on 2016-08-04
Last Modified: 2016-08-11
My manager has asked me to document what would be needed to connect to another company's Windows domain during an acquisition from a high-level point of view.

We currently have a Windows 2008R2 domain with 7 DCs. If we took on another company I am thinking a transitive trust so resources could be accessed on both sides along with setting site GPs... again (lots more to this of course).

One of my coworkers stated that we should use ADFS, which we do have, but I stated that ADFS uses a different authentication model, SAML, and would not support managing workstations and servers via GP... Is my statement correct? If so, can you point me to a document I should show them?

Any other items I should be aware of when merging another company using a trust?
0
Question by:compdigit44
4 Comments
 
LVL 6

Expert Comment

by:Ganesamoorthy S
ID: 41743663
ADFS is not a replacement for an AD trust; ADFS is used for web/cloud-based applications.
For your requirement you have to use an AD trust.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41744396
Thanks, so my understanding was correct then. Can you point me to any documentation that states this so I can show my coworker that ADFS does not support Group Policy of devices?

His reason is that once we upgrade the forest and domain level to 2012 R2, ADFS will support computer account authentication, making trusts a thing of the past, which I do not think is right.
0
 
LVL 17

Accepted Solution

by:
Learnctx earned 2000 total points
ID: 41751467
ADFS is used for giving access to web-based applications. If you want to look at it this way:

ADFS is used with web applications/services via SAML. Token-based authentication.
AD trusts use Kerberos or NTLM for authentication.

Look here for info from MS: https://technet.microsoft.com/en-us/library/hh831502(v=ws.11).aspx.

ADFS will not allow you to set policy on devices in another forest. Neither will a forest trust. Each forest and domain within a forest are their own administrative boundaries.

Scenario where you would use a trust:

Giving users in foresta access to servers/printers in forestb.

Scenario where you would use ADFS:

Exposing a web application to the Internet so that users can log into it from home.
Single sign-on to Office 365.
And so on.
0
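The trust scenario in the accepted answer (users in foresta reaching resources in forestb) depends on which way the trust points, so the following added example, which is not part of the thread, turns trust records into a "whose users can reach whose resources" summary. Property names match what `Get-ADTrust` returns; the function name, forest names and sample rows are constructed for illustration.

```powershell
# Added example. Get-TrustAccessSummary is a hypothetical helper, not a built-in cmdlet.
function Get-TrustAccessSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Trust,
        [Parameter(Mandatory)] [string] $LocalForest
    )
    process {
        $dir = [string]$Trust.Direction   # relative to the local side of the trust
        # Inbound: the partner trusts us, so our users can be authorized on their resources.
        if ($dir -in 'Inbound', 'BiDirectional') {
            [pscustomobject]@{
                UsersFrom   = $LocalForest
                ResourcesIn = $Trust.Target
                # Incoming authentication scope is configured on the trusting (partner) side.
                AuthScope   = 'Set in partner forest'
                ForestTrust = [bool]$Trust.ForestTransitive
            }
        }
        # Outbound: we trust the partner, so their users can be authorized on our resources.
        if ($dir -in 'Outbound', 'BiDirectional') {
            [pscustomobject]@{
                UsersFrom   = $Trust.Target
                ResourcesIn = $LocalForest
                AuthScope   = if ($Trust.SelectiveAuthentication) { 'Selective' } else { 'Forest-wide' }
                ForestTrust = [bool]$Trust.ForestTransitive
            }
        }
        # Neither direction extends Group Policy: each forest remains its own
        # administrative boundary, as the answer above states.
    }
}

# Constructed sample rows shaped like Get-ADTrust output.
$sample = @(
    [pscustomobject]@{ Target = 'forestb.example'; Direction = 'BiDirectional'
                       ForestTransitive = $true; SelectiveAuthentication = $false }
    [pscustomobject]@{ Target = 'partner.example'; Direction = 'Outbound'
                       ForestTransitive = $true; SelectiveAuthentication = $true }
)
$sample | Get-TrustAccessSummary -LocalForest 'foresta.example' | Format-Table -AutoSize

# Against a live forest (requires the ActiveDirectory module):
# Get-ADTrust -Filter * | Get-TrustAccessSummary -LocalForest (Get-ADForest).Name
```

A "Forest-wide" row for an acquired company's users means every authenticated user from that forest can attempt access to local resources, subject only to the ACLs on those resources.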

Question has a verified solution.
