AD Trust 2008 Server
-
If you create a trust between server A & server B, does that mean that Admin on Server B will have full access to all files on server A, or does he have to request this access from Admin on server A?
Thanks,
Rich
-
Rich,
Ok, this depends on what you mean by creating a trust between two servers.
If the servers are in the same domain, then regular network credentials will allow you to access Server A and B, as long as the Admins have network credentials. Then you can add AdminB to the security group for access.
If Server A is in a different domain than Server B, and you create a domain trust from the domain that Server A is in to the domain that Server B is in, then you've created a trust in which Domain A will trust the identity store and authentication provided by Domain B. This means that you can now have Admin in Domain B in security groups in Domain A, so that you can grant access to AdminB if you allow it.
Others may have better examples to chime in here too.
Cordially,
Ronnie Wong
Host, ITProTV
-
What Ronnie said. :)
It also depends on the nature of the trust: there are one-way and two-way, transitive and non-transitive in either variety, and that's just AD to AD. As much as I hate to just link documentation, it's a rather complex topic and Microsoft has done a pretty good job explaining it all.
https://technet.microsoft.com/en-us/library/cc773178(v=ws.10).aspx
-
Server B Admin in the UK wants to create a 2 way trust and put servers all on one domain with a single sign on, but I am concerned that it will give users or admins on server B access to files on server A. Server A has some documents that no one outside the USA should be able to access. It will break ITAR requirements.
So my question is: by building this 2-way trust, would this break ITAR requirements? I can't have Admin on server B or any other user access the files on server A without them being given the access, if they are ITAR certified.
My gut is telling me not to even build the trust at all.
-Rich
-
Admin B insists that it doesn't give him access to files by building the trust. But he is not ITAR certified so he can't have access to the files on Server A or we will have a problem.
-
Rich,
Can you clarify your scenario?
Are the servers in different domains now?
If they are in different domains, are they in the same forest?
When you say Server B admin, are you referring to the local admins group?
If all of your servers are in the same domain, what are you creating the trust between? Trusts are created between domains and forests, not servers.
You can use selective authentication when creating trusts, which will allow you to control what resources are accessible to what groups of users. I'd love to help, just need a little more information.
Mike
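
The points made in the replies above (a trust lets Domain B accounts be placed in Domain A's ACLs, and selective authentication narrows who can authenticate at all) can be checked on Server A before and after a trust is built. The PowerShell below is an added example, not code from any poster in this thread: it lists each trust's settings, then flags NTFS allow entries under a folder that would apply to users arriving over a trust. `$SharePath` is a placeholder, and the script assumes the ActiveDirectory module is installed on a domain-joined host.

```powershell
# Added example. $SharePath is a placeholder (assumption), not a path from the thread.
param([string]$SharePath = 'D:\Shares\Controlled')

Import-Module ActiveDirectory

# Trust settings: direction, transitivity, and whether selective authentication is on.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication, SIDFilteringQuarantined |
    Format-Table -AutoSize

# Well-known SIDs whose membership includes users authenticated over a trust
# when the trust uses domain-wide or forest-wide authentication.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$localDomainSid = (Get-ADDomain).DomainSID

# The root folder plus every subfolder beneath it.
$folders = @(Get-Item -LiteralPath $SharePath) +
           @(Get-ChildItem -LiteralPath $SharePath -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    # Ask for SIDs rather than names so unresolvable foreign accounts still show up.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid    = $ace.IdentityReference
        $reason = $null
        if ($broad.ContainsKey($sid.Value)) {
            $reason = "broad group: $($broad[$sid.Value])"
        } elseif ($sid.AccountDomainSid -and -not $sid.AccountDomainSid.Equals($localDomainSid)) {
            $reason = 'principal from another domain or a local account'
        }
        if ($reason) {
            [pscustomobject]@{
                Path      = $folder.FullName
                Sid       = $sid.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Reason    = $reason
            }
        }
    }
}
$findings | Sort-Object Path, Sid | Format-Table -AutoSize
```

This covers NTFS permissions only; share-level permissions on the same folders need a separate review.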