Active Directory Trusts: Difference between revisions
From SambaWiki
Slowfranklin (talk | contribs) (Created page with "= Support for Active Directory Trusts = External trusts between individual domains work in both ways (inbound and outbound). The same applies to root domains of a forest trus...") |
(No difference)
|
Latest revision as of 09:52, 22 November 2016
Support for Active Directory Trusts
External trusts between individual domains work in both ways (inbound and outbound). The same applies to root domains of a forest trust.
The transitive routing into the other forest is fully functional for kerberos, but not yet supported for NTLMSSP. FIXMEFIXMEFIXME: what does this mean from a functional perspective?
While a lot of things are working fine, there are currently a few limitations:
- Both sides of the trust need to fully trust each other!
- No SID filtering rules are applied at all!
- This means DCs of domain A can grant domain admin rights in domain B.
- It's not possible to add users/groups of a trusted domain into domain groups.