Switching from a Domain level authentication to Selective authentication in a One Way Outgoing trust

Corey Luihn 21 Reputation points Microsoft Employee
2021-03-12T15:54:55.847+00:00

I have a One Way outgoing trust setup with Domain Level Authentication setup. I want to change it to selective authentication. With me being the trusting domain and the other domain be the the trusted domain, if I change to Selective Authentication will there need to be any action on the part of the trusted domain?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,810 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,361 Reputation points Microsoft Vendor
    2021-03-15T01:37:46.447+00:00

    Hi,

    No more actions need to be operated on the part of the trusted domain.

    After you switching from a Domain level authentication to Selective authentication, you also need to be granted "Allowed to Authenticate" right on the file server if the users from the trusted forest want to access resources from the trusting forest.

    To assign the permission:

    1. Login to local domain controller where the resource (workstation) resides. Open AD Users and computers – switch to Advanced Features view.
      Find the workstation you are trying to login to – right click – properties – security tab.
    2. Under group or Usernames – click Add.
    3. Select Locations – select domain that contains the user account trying to login.
    4. Enter username – click OK – authenticate with account that has access.
    5. Select user – then in permissions for user select “allow” for allowed to authenticate.

    Best Regards,

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.