Switching from a Domain level authentication to Selective authentication in a One Way Outgoing trust

Corey Luihn 21 Reputation points Microsoft Employee

I have a One Way outgoing trust setup with Domain Level Authentication setup. I want to change it to selective authentication. With me being the trusting domain and the other domain be the the trusted domain, if I change to Selective Authentication will there need to be any action on the part of the trusted domain?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
4,350 questions
0 comments No comments
{count} votes

Accepted answer
  1. Fan Fan 15,191 Reputation points


    No more actions need to be operated on the part of the trusted domain.

    After you switching from a Domain level authentication to Selective authentication, you also need to be granted "Allowed to Authenticate" right on the file server if the users from the trusted forest want to access resources from the trusting forest.

    To assign the permission:

    1. Login to local domain controller where the resource (workstation) resides. Open AD Users and computers – switch to Advanced Features view.
      Find the workstation you are trying to login to – right click – properties – security tab.
    2. Under group or Usernames – click Add.
    3. Select Locations – select domain that contains the user account trying to login.
    4. Enter username – click OK – authenticate with account that has access.
    5. Select user – then in permissions for user select “allow” for allowed to authenticate.

    Best Regards,

0 additional answers

Sort by: Most helpful