Click here to get back home

One-way inbound trusts
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
One-way inbound trusts Wowbagger 02-27-2006
Posted by Wowbagger on February 27, 2006, 12:41 pm
Please log in for more thread options
 In our office environment there is an existing domain that everybody uses,
hosted on a server over which I have no control. I want to create a
separate domain on a new server for our own private workgroup complete with
a separate domain, entirely separate from the other.

Will a one-way inbound trust allow any authorized in existingdomain access
newdomain?



Posted by Brian Komar [MVP] on February 27, 2006, 8:53 pm
Please log in for more thread options
 "Wowbagger" <none> says...
> In our office environment there is an existing domain that everybody uses,
> hosted on a server over which I have no control. I want to create a
> separate domain on a new server for our own private workgroup complete with
> a separate domain, entirely separate from the other.
>
> Will a one-way inbound trust allow any authorized in existingdomain access
> newdomain?
>
>
>
If the existing environment is an Active Directory
environment, I just want to caution you that setting up
a new domain/forest is not a casual decision, and should
really be thought over...

Your question is confusing though as to the trust
relationship. If you create a trust so that the new
fiefdom domain trusts the existing account domain, then
accounts from the existing account domain can be
assigned permissions or memberships in domain local
groups in the new fiefdom domain.

Again, I really do not recommend setting up a new
domain. If you do not have control of the domain, it is
probably for a corporate reason, and setting up a new
domain for bypassing this security could be a security
policy issue.

Brian

Posted by Roger Abell [MVP] on February 28, 2006, 8:37 am
Please log in for more thread options
I will just add to Brian's great advise, as I notice that all discussion
was about domains, with no mention of forest.

If the new domain is within the forest of the other domain, then you
would really not be gaining as much as you may think since the
inherent trusts between domains within a forest will exist. You could
still exert control over much for limited user accounts of the other
domain, along the lines Brian outlined.

Either way (one or two forests) however, setting up a new domain is
not something one does on a whim in order to attempt solving some
believed need.
Rather, as suggested, it should be well thought through and planned.

"Wowbagger" <none> wrote in message
> In our office environment there is an existing domain that everybody uses,
> hosted on a server over which I have no control. I want to create a
> separate domain on a new server for our own private workgroup complete
> with a separate domain, entirely separate from the other.
>
> Will a one-way inbound trust allow any authorized in existingdomain access
> newdomain?
>
>



Similar ThreadsPosted
Forest Trusts December 6, 2007, 4:03 pm
Creating domain trusts September 23, 2006, 2:12 am
Question regarding PKI architecture with cross domain trusts. September 17, 2007, 2:48 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap