RD gateway in Trusted domain

Craig Garland 336 Reputation points
2022-11-08T01:46:40.86+00:00

Hi,

We have two domains, Domain A and Domain B. The Remote Desktop deployment is set up in Domain A. All the VDI machines are set up in Domain B. There is a trusted relationship between the two domains.

The issue we have is that we want to log on to the VDI in Domain B as username@mathieu.company.com, which is the UPN for Domain B. The issue is that when we connect to the Remote Desktop setting on Domain A, it requires domain\Username. (The trusted relationship was set up on 2003, so domain suffixes are not set up.) You can log on to a machine in Domain B as username@mathieu.company.com.

We thought we might be able to set up an RDWeb and Gateway on Domain B, which would then allow us to authenticate using username@mathieu.company.com and get the VDI information from Domain A.

Unfortunately we don't seem to be able to deploy the RDWeb or Gateway on a computer in Domain B. It keeps saying it is unable to connect with remote PowerShell. I have tried the WSMan settings to allow remote PS, but that does not help.

I am just wondering if anyone has set up a Remote Desktop deployment with RDWeb and Gateway in a trusted domain? If you have, how did you set it up?

Regards

Craig G

Windows for business | Windows Client for IT Pros | User experience | Remote desktop services and terminal services
Windows for business | Windows Server | User experience | Other

2 answers

  1. Limitless Technology 44,766 Reputation points
    2022-11-11T15:05:27.43+00:00

    Hi. Thank you for your question and reaching out.

    The cross-domain authentication will be erased when you establish a new trust relationship between two domains.
    The cross-forest and cross-domain authentication will be enabled once confidence has been regained.

    We fear that this can lead to a scenario in which the present arrangement is lost. Example: The Domain B Security Group in Domain A is no longer functional since the SID has changed. Any additional challenges this might present

    The SID does not change. Domain A will show the SID of the Domain B Security Group rather than its name when the trust is revoked, due to the lack of trust-based suffix name resolution. When the trust is broken, conduct like this is typical.

    -----------------------------------------------------------------------------------------------------------------------------

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.


  2. Craig Garland 336 Reputation points
    2022-11-13T22:37:09.493+00:00

    Hi

    Thanks for your response, and it follows with what I have found online.

    So, to confirm: the trust relationship does not make any changes to the domains; it just allows communication between the domains. Deleting a trust relationship will remove the communication between domains but not any configuration within each domain.

    While the trust is deleted, communication will not work between domains, so you will not be able to connect to resources using credentials from the remote domain.

    Once the trust relationship is re-created, you will be able to connect to resources using credentials from the remote domain without having to reconfigure any settings.

    Do I understand this correctly?

    Sorry if this sounds like a repeat of the same question; I just need to be certain it will not create issues.

    I am also trying to have a rollback plan. Can you confirm if this would work?
    Back up all DCs in both domains before deleting the trust. (This would be a full backup of the DC VMs.)
    In the event that there is an issue with deleting and recreating the trust, we can restore all DC VMs to the state before deleting the trust.
    This would put the trust back to the same state as before the trust was deleted. So, it should resolve any issues we might have with the deletion of the trust.

    Regards
    Craig Garland

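The thread above mentions that Domain A shows only the SID of a Domain B group once the trust is gone. As an added example (not code from either poster), the following PowerShell records the current trust settings and the SID-to-name mapping of foreign security principals in Domain A while the trust still resolves names. It assumes the RSAT ActiveDirectory module is installed and that it is run in Domain A; the output folder `C:\Temp\trust-snapshot` is a hypothetical path.

```powershell
# Added example: snapshot trust settings and foreign security principals
# before a trust is deleted, so bare SIDs seen afterwards can be identified.
# Assumes: RSAT ActiveDirectory module, run by an account that can read Domain A.
Import-Module ActiveDirectory

$outDir = 'C:\Temp\trust-snapshot'   # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Record every trust object as it is configured now.
Get-ADTrust -Filter * |
    Select-Object Name, Source, Target, Direction, TrustType,
                  ForestTransitive, SIDFilteringQuarantined, SelectiveAuthentication |
    Export-Csv -Path (Join-Path $outDir 'trusts.csv') -NoTypeInformation

# 2. Foreign security principals are the placeholder objects Domain A keeps
#    for accounts and groups from other domains that are members of its groups.
$fsps = Get-ADObject -LDAPFilter '(objectClass=foreignSecurityPrincipal)' `
                     -Properties objectSid, memberOf

$rows = foreach ($fsp in $fsps) {
    $sid = $fsp.objectSid
    try {
        # Name resolution goes through the trust, so it only works while the trust is up.
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        $name = '<unresolved>'
    }
    [pscustomobject]@{
        Sid          = $sid.Value
        ResolvedName = $name
        MemberOf     = ($fsp.memberOf -join '; ')
    }
}

$rows | Sort-Object ResolvedName |
    Export-Csv -Path (Join-Path $outDir 'foreign-principals.csv') -NoTypeInformation

# Summary: how many principals resolved to a name and how many did not.
$rows | Group-Object { $_.ResolvedName -eq '<unresolved>' } |
    Select-Object @{ n = 'Unresolved'; e = { $_.Name } }, Count
```

Running it again after the trust is re-created and comparing the two CSV files shows whether the same SIDs resolve to the same names as before.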
