Active Directory Trust Question on 2008 R2 OS

Hi Experts,
In AD trust properties, there is a box that can be checked off called "The other domain supports Kerberos AES Encryption"...what does this actually do and what is the expected behavior if this option is checked? Please advise.

Thank you!
IT_Admin XXXXAsked:
Who is Participating?
 
Dustin SaundersDirector of OperationsCommented:
The technet page is here: https://technet.microsoft.com/en-us/library/dd145414.aspx

Essentially, just says whether or not the other domain can use the AES encryption, then uses it.  As long as you are on 2008 or newer and Win7 or newer on workstations you should have no issue.  

This blog post ( https://blogs.technet.microsoft.com/enterprisemobility/2007/11/02/server-2008-and-windows-vista-encryption-better-together/ ) has some more detailed information.
1
 
sAMAccountNameSr. Systems EngineerCommented:
As I understand it by checking that option, you are adding AES as an accepted encryption cipher which can be used to secure the trust.  I'll let others expand if they have more information
0
 
Dustin SaundersDirector of OperationsCommented:
Both correct answers to the question, with links to supporting documentation.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.