Active Directory Trusts

From SambaWiki
Revision as of 09:52, 22 November 2016 by Slowfranklin (talk | contribs) (Created page with "= Support for Active Directory Trusts = External trusts between individual domains work in both ways (inbound and outbound). The same applies to root domains of a forest trus...")

Support for Active Directory Trusts

External trusts between individual domains work in both directions (inbound and outbound). The same applies to the root domains of a forest trust.

The transitive routing into the other forest is fully functional for Kerberos, but not yet supported for NTLMSSP. FIXME: what does this mean from a functional perspective?

While a lot of things are working fine, there are currently a few limitations:

  • Both sides of the trust need to fully trust each other!
  • No SID filtering rules are applied at all! This means DCs of domain A can grant domain admin rights in domain B.
  • It's not possible to add users/groups of a trusted domain into domain groups.
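
To show what the missing SID filtering means in practice, the following added example (not Samba code and not part of the original page) is a simplified model of a quarantine-style filter on the trusting side: only SIDs inside the trusted domain's own SID namespace are accepted. The domain SIDs, the RID 1104 and the function names are constructed for illustration.

```python
# Added illustration: simplified model of quarantine-style SID filtering on an
# inbound trust. Not Samba code; all SIDs below are constructed sample values.

DOMAIN_A = "S-1-5-21-1111111111-2222222222-3333333333"  # trusted domain (constructed)
DOMAIN_B = "S-1-5-21-4444444444-5555555555-6666666666"  # trusting domain (constructed)


def domain_of(sid):
    """Return the domain part of a domain-relative SID (S-1-5-21-X-Y-Z-RID),
    or None for any SID that is not of that form."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        return None
    if not all(p.isdigit() for p in parts[4:]):
        return None
    return "-".join(parts[:7])


def filter_sids(sids, trusted_domain_sid):
    """Split the SIDs asserted by a DC of the trusted domain into
    (accepted, rejected). A SID is accepted only if the trusted domain
    is authoritative for it, i.e. it lies in that domain's SID namespace."""
    accepted, rejected = [], []
    for sid in sids:
        if domain_of(sid) == trusted_domain_sid:
            accepted.append(sid)
        else:
            rejected.append(sid)
    return accepted, rejected


# Constructed authorization data as a DC of domain A could present it to domain B.
asserted = [
    DOMAIN_A + "-1104",  # the user's own SID in domain A
    DOMAIN_A + "-513",   # Domain Users of domain A
    DOMAIN_B + "-512",   # Domain Admins of domain B, asserted by domain A
    "S-1-5-32-544",      # BUILTIN\Administrators, not owned by domain A
]

if __name__ == "__main__":
    accepted, rejected = filter_sids(asserted, DOMAIN_A)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

Without such a filter, every entry in `asserted` is honoured by domain B, including the Domain Admins SID of domain B itself, which is why both sides currently need to fully trust each other.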