Can group policies apply, in one way trust between the ABC.com domain and XYZ.com domain two forests

Prashant B 11 Reputation points
2020-07-28T09:25:10.963+00:00

Hi Tea,

Can group policies applied, in one way trust between the ABC.com domain and XYZ.com domain two forests.

We have two forest domain, one is ABC.com and another is XYZ.com, and there is one way trust configured from ABC.com to XYZ.com.

If we have applied any GP in ABC.com, will it be replicated to XYZ.com and it should not happen the other way round.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,858 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2020-07-29T01:23:01.823+00:00

    Hi,
    If the condition is that there is a one way forest trust:form ABC.com (trusting) to XYZ.com (trusted) .
    Based on my experience: when users from XYZ.com logon to workstation in domain ABC.com, the user policies deployed from XYZ can be also applied with one condition :the policy Allow cross-forest user policy and roaming user profiles was enabled in domain ABC.com.

    Also did a test : one way trust ,pki.com (trusting), fan.local(trusted) ,user f1.fan.local logon to client 1. pki.com as following:
    14009-7292.jpg

    Deploy a GPO on domain pki.com , and enable the policy : Allow cross-forest user policy and roaming user profiles.
    14142-7293.jpg

    Create a GPO for f1 in fan.local, set a mapping drive policy and hide all the items in desktop policy.

    Then when user f1.fan.local logon to client 1. pki.com, all the uer policies (mapping drive policy and hide all the items in desktop policy)applied as following:
    14010-7291.jpg

    Since it is a one way trust, it only works for the situation when users from trusted domain logon to trusting domain.

    1 person found this answer helpful.
    0 comments
  2. Prashant B 11 Reputation points
    2020-07-29T13:34:47.067+00:00

    Hi FanFan,

    thanks for your reply...

    Had discussion with the customer, they want to configure one way trust between ABC.com & XYZ.com and whatever group policies they applying on ABC.com that policies replicate to XYZ.com, means all policies they want to managed from ABC.com.

    They don't want to access resources of other domains. only Group policies of XYZ.com this forest, they want to managed from ABC.com.

    is this possible ?

    1 person found this answer helpful.
  3. Prashant B 11 Reputation points
    2020-07-30T14:30:10.247+00:00

    Hi FanFan,

    Customer want to configure one way trust between ABC.com and XYZ.com, but they are not going to use any resources of cross domain. They just want to managed group policy of XYZ.com forest from ABC.com forest.

    **when users from XYZ.com need to logon to workstation in domain ABC.com,right?
    ==> they don't want to use any cross forest resources.

    1 person found this answer helpful.
  4. Fan Fan 15,291 Reputation points Microsoft Vendor
    2020-08-04T01:26:46.087+00:00

    Hi,
    Welcome to share your current situation if there are any updates.
    Please feel free to let us know if you need further assistance.
     
    Best Regards,

    1 person found this answer helpful.
    0 comments