Hi,
Thank you for posting in our forum.
You can try the materials in the link below to learn about cross-forest trusts and to help form an opinion on the trust options.
Reference: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/active-directory-trust
Best wishes
Vicky
Cross Forest Trust and Federated Trust opinion
Hi community
I am about to propose a body of work to resolve a situation with an old design here at work.
Our primary corporate forest, supporting 8000 employees and with about 11 tree-structure domains, has a completely isolated 10-year-old forest alongside it for secure data purposes. The isolated forest IS within the corporate network perimeter, but outside the primary corporate AD forest.
It consists of just one server currently, with shared data on it; 250 or so people connect to it from time to time from the primary forest using local laptop batch files and mapped drives. The latter is not a good setup.
I was looking at, bearing cost, complexity, and reward for effort in mind when considering options:
- Create a one-way cross-forest trust, destination trusting source.
- All the primary AD ports are already open from source to destination, I just tested them, as is SMB.
- Add source accounts into destination security groups, the same groups as the destination accounts the users have been authenticating with.
- That should result in the foreign security principals being generated.
- In theory, that's it. That should allow us to get away from the batch file stuff, in that the local user should be able to log onto the source domains as per normal, and then when I map drives for them with GPO to the destination forest, in theory no usernames and passwords need to change hands.
However, I am certain our security team will need to be involved, and they will ask how secure this is. And if they know anything about auth and separate organizations, they could ask whether a federated trust between the 2 forests is a better idea.
So...opinions. When it comes to determining the longer-term administration, as well as the shorter-term solution design, testing, deployment, ongoing complexity..... what scale of difference am I looking at here between option 1 (cross-forest trust and FSPs).....and option 2 (federated orgs)....
Any thoughts people?
Coop
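The checks a security team would want run on the design in the post (trust direction, SID filtering and selective authentication on the trust, port reachability, and the foreign security principals created in the destination forest), as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory module, a domain admin session in the destination (trusting) forest, and the placeholder names `source.example` and `dc1.source.example`.

```powershell
# Added example, not from the original post. Assumes RSAT ActiveDirectory and
# that it runs in the DESTINATION (trusting, resource) forest as a domain admin.
Import-Module ActiveDirectory

$SourceForest = 'source.example'      # placeholder: the trusted (account) forest
$SourceDc     = 'dc1.source.example'  # placeholder: a DC in that forest

# 1. Confirm the trust exists, is one-way in the intended direction, and has the
#    hardening the security team will ask about. From the trusting side, a
#    "destination trusts source" trust is reported as Outbound.
$trust = Get-ADTrust -Filter "Name -eq '$SourceForest'" -Properties *
if (-not $trust) { throw "No trust to $SourceForest found in this forest" }

[pscustomobject]@{
    Name                    = $trust.Name
    Direction               = $trust.Direction                # expect Outbound, not BiDirectional
    ForestTransitive        = $trust.ForestTransitive         # expect True for a forest trust
    SIDFilteringQuarantined = $trust.SIDFilteringQuarantined  # SID filtering blocks foreign SIDHistory
    SIDFilteringForestAware = $trust.SIDFilteringForestAware
    SelectiveAuthentication = $trust.SelectiveAuthentication  # True limits which source users may auth here
} | Format-List

# 2. Reachability of the ports the post relies on (Kerberos, LDAP, SMB, RPC endpoint
#    mapper) from this destination member towards a source DC.
foreach ($port in 88, 389, 445, 135) {
    $r = Test-NetConnection -ComputerName $SourceDc -Port $port -WarningAction SilentlyContinue
    '{0,-30} tcp/{1,-4} {2}' -f $SourceDc, $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' })
}

# 3. List the foreign security principals created when source accounts were added
#    to destination groups, and flag any whose SID no longer resolves (orphaned
#    FSPs are a common clean-up finding once the old accounts are removed).
$fspBase = "CN=ForeignSecurityPrincipals,$((Get-ADDomain).DistinguishedName)"
Get-ADObject -SearchBase $fspBase -Filter 'objectClass -eq "foreignSecurityPrincipal"' -Properties memberOf |
    ForEach-Object {
        $sid = [System.Security.Principal.SecurityIdentifier]$_.Name
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = 'UNRESOLVED (orphaned?)' }
        [pscustomobject]@{
            SID     = $_.Name
            Account = $account
            Groups  = ($_.memberOf -join '; ')
        }
    } | Format-Table -AutoSize
```

Run it once after creating the trust and again after the group changes; the FSP listing is what turns the "foreign principals being generated" step into something that can be audited.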
Vicky Wang
2021-02-08T09:33:51.167+00:00