
How to create multiple users and assign permission in bastion forest?

Khushboo Kumari 20 Reputation points
2024-01-01T11:53:53.4633333+00:00

Hi,

I have configured the bastion forest using the MS article below; I am totally new to it. I have some questions regarding user creation and permission assignments:

  1. How do I create multiple users and assign permissions for the corp forest? Basically, I want to know the workflow and test case (as mentioned in one user scenario in the article).
  2. What are the permissions we can create and assign? A list of permissions (as mentioned in the permission corp folder in the MS article?).
  3. How will the corp forest and priv forest user accounts work? Where do they log in?

Thanks!

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Identity Manager

1 answer

  1. Wesley Li 11,770 Reputation points
    2024-01-03T02:57:10.1733333+00:00

    Hello Khushi kumari,

    Creating multiple users and assigning permissions in a bastion forest involves several steps. Here’s a high-level overview:

    Creating Users: You can create users in the corp forest using the Active Directory Users and Computers tool or PowerShell cmdlets. For example, you can use the New-ADUser cmdlet in PowerShell to create a new user.

    Assigning Permissions: Permissions in a multiple forest topology are applied to all Exchange objects within a single forest and the configuration in each forest is configured independently of all other forests. When you create a role group in one forest, that role group doesn’t exist in any other forest and the permissions granted by that role group apply only to the forest in which it was created.

    List of Permissions: The permissions can range from full control (Owner) to the fewest rights (Contributor). After choosing a permissions level, you can fine-tune the permissions by selecting buttons or checking and unchecking boxes.

    Corp and Priv Forest User Accounts: The corp forest and priv forest user accounts work based on the trust established between them. The corp forest is configured to trust the priv forest, so the elevated account being used to access a resource in the corp forest appears to be a member of that resource’s security groups. Users in the priv domain can access resources on the corp domain.

    Best Regards,

    Wesley Li

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
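
One way to script the user-creation step mentioned in the answer above, as an added example that is not part of the original thread or of the Microsoft article: it bulk-creates accounts in the corp domain with New-ADUser and adds them to an existing security group. The domain controller, OU, group name and user list are constructed placeholders, and it assumes the ActiveDirectory module (RSAT) and rights to create users in that OU.

```powershell
#Requires -Modules ActiveDirectory
# Constructed sample values (assumptions): replace with your own corp-forest names.
$Server    = 'corpdc.corp.example'           # hypothetical corp domain controller
$TargetOU  = 'OU=Staff,DC=corp,DC=example'   # hypothetical OU for the new accounts
$GroupName = 'CorpAdmins-Test'               # hypothetical, must already exist
$UpnSuffix = 'corp.example'

# Constructed user list; in practice this could come from Import-Csv.
$Users = @(
    [pscustomobject]@{ Sam = 'jdoe';   Given = 'Jane'; Surname = 'Doe'   }
    [pscustomobject]@{ Sam = 'rsmith'; Given = 'Ravi'; Surname = 'Smith' }
)

function New-InitialPassword {
    # Random characters from a cryptographic RNG, prefixed so that every
    # character class is present for the domain complexity policy.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-='
    $bytes = [byte[]]::new(24)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    'Aa1!' + (-join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] }))
}

foreach ($u in $Users) {
    # Skip accounts that already exist so the script can be re-run safely.
    $exists = Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'" -Server $Server
    if ($exists) { Write-Warning "$($u.Sam) already exists, skipping"; continue }

    $plain  = New-InitialPassword
    $params = @{
        Name                  = "$($u.Given) $($u.Surname)"
        GivenName             = $u.Given
        Surname               = $u.Surname
        SamAccountName        = $u.Sam
        UserPrincipalName     = "$($u.Sam)@$UpnSuffix"
        Path                  = $TargetOU
        AccountPassword       = (ConvertTo-SecureString $plain -AsPlainText -Force)
        ChangePasswordAtLogon = $true   # initial password is single-use
        Enabled               = $true
        Server                = $Server
        ErrorAction           = 'Stop'
    }
    try {
        New-ADUser @params
        Add-ADGroupMember -Identity $GroupName -Members $u.Sam -Server $Server -ErrorAction Stop
        # Hand the initial password over out of band; do not write it to a log file.
        [pscustomobject]@{ User = $u.Sam; Group = $GroupName; InitialPassword = $plain }
    } catch { Write-Error "Failed for $($u.Sam): $_" }
}
```

Group membership is the unit of permission here: grant rights on resources to the group rather than to individual accounts, so access can be reviewed and revoked in one place.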
