Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Can group policies apply in a one-way trust between the ABC.com domain and the XYZ.com domain in two forests?
Hi Tea,
Can group policies be applied in a one-way trust between the ABC.com domain and the XYZ.com domain in two forests?
We have two forest domains, one is ABC.com and the other is XYZ.com, and there is a one-way trust configured from ABC.com to XYZ.com.
If we have applied any GP in ABC.com, will it be replicated to XYZ.com? It should not happen the other way round.
4 answers
-
Anonymous
2020-08-04T01:26:46.087+00:00
-
Prashant B 11 Reputation points
2020-07-30T14:30:10.247+00:00
Hi FanFan,
The customer wants to configure a one-way trust between ABC.com and XYZ.com, but they are not going to use any cross-domain resources. They just want to manage the group policy of the XYZ.com forest from the ABC.com forest.
"when users from XYZ.com need to log on to a workstation in domain ABC.com, right?"
==> They don't want to use any cross-forest resources.
-
Prashant B 11 Reputation points
2020-07-29T13:34:47.067+00:00
Hi FanFan,
Thanks for your reply...
I had a discussion with the customer. They want to configure a one-way trust between ABC.com & XYZ.com, and whatever group policies they apply on ABC.com should replicate to XYZ.com, meaning they want to manage all policies from ABC.com.
They don't want to access resources of other domains. They only want to manage the group policies of the XYZ.com forest from ABC.com.
Is this possible?
-
Anonymous
2020-07-29T01:23:01.823+00:00
Hi,
If the condition is that there is a one-way forest trust from ABC.com (trusting) to XYZ.com (trusted):
Based on my experience, when users from XYZ.com log on to a workstation in domain ABC.com, the user policies deployed from XYZ can also be applied, with one condition: the policy "Allow cross-forest user policy and roaming user profiles" was enabled in domain ABC.com.
I also did a test: one-way trust, pki.com (trusting), fan.local (trusted), user f1.fan.local logs on to client 1. pki.com, as follows:
Deploy a GPO on domain pki.com, and enable the policy "Allow cross-forest user policy and roaming user profiles".
Create a GPO for f1 in fan.local, and set a mapping drive policy and a hide all the items in desktop policy.
Then when user f1.fan.local logs on to client 1. pki.com, all the user policies (mapping drive policy and hide all the items in desktop policy) are applied as follows:
Since it is a one-way trust, it only works for the situation when users from the trusted domain log on to the trusting domain.
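The trusting-domain side of the test described in the answer above can be scripted with the GroupPolicy module. This is an added example, not part of the original answer: the GPO name and OU path are hypothetical, pki.com is the lab domain from the answer, and `AllowX-ForestPolicy-and-RUP` is the registry value behind the "Allow cross-forest user policy and roaming user profiles" computer policy.

```powershell
#Requires -Modules GroupPolicy
# Added illustration. Hypothetical values: $GpoName and $TargetOu.
$Domain    = 'pki.com'                              # trusting domain (from the answer)
$GpoName   = 'Allow-CrossForest-UserPolicy'         # hypothetical GPO name
$TargetOu  = 'OU=Workstations,DC=pki,DC=com'        # hypothetical OU holding the clients
$PolicyKey = 'HKLM\Software\Policies\Microsoft\Windows\System'
$ValueName = 'AllowX-ForestPolicy-and-RUP'

# Create the GPO only if it does not exist yet, so the script can be re-run.
try {
    $gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction Stop
} catch {
    $gpo = New-GPO -Name $GpoName -Domain $Domain `
        -Comment 'Enables cross-forest user policy for users from the trusted forest'
}

# Computer-side policy: 1 = enabled.
Set-GPRegistryValue -Name $GpoName -Domain $Domain -Key $PolicyKey `
    -ValueName $ValueName -Type DWord -Value 1 | Out-Null

# Link the GPO to the workstation OU unless it is already linked there.
$links = (Get-GPInheritance -Target $TargetOu -Domain $Domain).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $GpoName })) {
    New-GPLink -Name $GpoName -Domain $Domain -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Read the setting back from the GPO and fail loudly if it did not stick.
$check = Get-GPRegistryValue -Name $GpoName -Domain $Domain -Key $PolicyKey -ValueName $ValueName
if ($check.Value -ne 1) { throw "Policy value not set in GPO '$GpoName'" }

# Run on a workstation in the trusting domain after 'gpupdate /force':
# returns $true when the computer has actually received the setting.
function Test-CrossForestPolicyEnabled {
    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $prop = Get-ItemProperty -Path $path -Name 'AllowX-ForestPolicy-and-RUP' `
        -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.'AllowX-ForestPolicy-and-RUP' -eq 1)
}
```

Once `Test-CrossForestPolicyEnabled` returns `$true` on the client, running `gpresult /r /scope:user` in the trusted-forest user's session shows which user GPOs were applied.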