Questions tagged [trust-relationship]
93 questions
6
votes
4 answers
Purposefully break trust relationship with Windows Domain
For testing purposes I am trying to purposefully break trust relationships with the Windows Domain. What is the quickest way to kill it off? "Unfortunately", broken trust relationships don't regularly occur with my set up so I'd like a way to…
Pylsa
- 205
4
votes
1 answer
Netlogon - Domain Trust Secure Channel issues - Only on some DCs
We have a 2 domain environment. We were having issues with slow connections, authentication failures, and hung resources only during OFF-PEAK hours when there were very few users logged on.
The issue occurred when a user from DOMAIN A is accessing…
j-Geek
- 141
2
votes
1 answer
Universal Groups not working across domain trusts
I have a problem with Universal groups across a trust - membership of the universal group gives rights from one domain in a forest but not from another domain in the same forest - I've set up a test set of accounts and groups to demonstrate and try…
Ross
- 133
2
votes
1 answer
Active Directory Authentication Through a Trust and Querying For Users From Trusted Domain
Domain A (Forest Tree Root) (Primary Domain)
Domain B (Direct Outbound) (Direct Inbound)
There is a two way trust between the two Forests Domain A/B. This scenario is used to connect two companies together.
Now, lets say we have an application that…
Wasim Hayatt
- 21
2
votes
1 answer
LDAP simple bind to cross-forest Active Directory with 2-way trust
I have two forests (example.local and accounting.local) that have 2-way trust established. On accounting, I can bind using accounting\bind. However, it fails from example.local
ldap_bind: Invalid credentials (49)
additional info: 80090308:…
2
votes
2 answers
DC with two-way forest trust does not see objects from another forest
I have 2 forests - domainA.com and domainB.net. There are two-way trust set up on each. When I try search objects located on domainB.net from domainA.com it gives me following error:
The system cannot contact a domain controller to service the
…
FanteG
- 161
2
votes
0 answers
Setup keystore and truststore in elastic beanstalk
Im new to AWS, mutual authentication. However I have not setup elastic bean stalk. I am working with a payment API. The organization that has setup the API requires a keystore and trust store to be setup
I have signed up my for AWS and simply setup…
Brian Hawi
- 21
2
votes
1 answer
Does AD one-way trust demand admin priviliges on both domains?
Does AD one-way trust demand admin priviliges on both domains?
Say I'm domain admin for domain A, and I want to give user from domain B access to stuff on domain A, which they can reach by VPN. From what I understand that can be done by setting up a…
2
votes
1 answer
Creating a cross-forest Trust between two Active Directory Forests hosted on Azure VMs? (separate subscriptions)
I see that it's possible to create a cross-forest Kerberos Trust between an on-premises AD Forest and a Forest hosted on Azure VMs. But is it also possible to create a cross-forest Trust between two separate organizations which exist only on Azure…
user2238685
- 123
2
votes
0 answers
Slow response time when using ADUC utility to search a trusted domain
Current Setup: I have child 2 domains, one in America (amer.domain.com) and one in Asia (asia.domain.com) in the same forest. Both domains are connected via MPLS links.
In each physical site, there is 1 domain controller that is joined to the…
Fahmy Aziz
- 105
- 4
2
votes
0 answers
Problems with netdom trust
First, I want to create a one way forest trust with this command on the "main.adds" domain :
netdom trust main.adds /Domain:second.adds /Add /UserD:SECOND\administrator /PasswordD:* /UserO:MAIN\administrator /PasswordO:*
It returns (french Windows…
CFou
- 81
2
votes
1 answer
Restrict forest-trust to a single DC pair
We have two AD forests with a trust in place. fwDomain has been firewalled from accessing resources in corpDomain.
corpDomain has one DC within the firewall boundary and has the ability to communicate with other corpDomain DCs.
The goal is to…
rmarles
- 21
2
votes
0 answers
Windows client cannot get cross-domain ticket, but a Linux one (from WSL) can
I am trying to and failing to authenticate my Kerberos credentials when doing ssh from a Windows 11 client joined to a Windows Server 2019 domain (let's call it AD.LOCAL) to a Linux host joined to a domain managed by FreeIPA (let's call it…
chutz
- 8,300
2
votes
1 answer
Apache Guacamole Login with User from DomainA, rdp to Server from DomainB
Overview
We log into Gucamole with a User from DomainA where we select a rdp-connection to a server from DomainB.
Trusts
DomainA to DomainB and vice versa:
Type: External
Kerberos AES Encryption support: no
Direction: two-way
Transitivity:…
Manu
- 994
- 6
- 19
1
vote
1 answer
Samba access with Redhat IdM authentication from a windows 10 workstation with AD authentication
I'm posting this here after spending the last 5 days searching google, going thru test cases as well as analyzing network traffic in the event that someone could either point me in the right direction or understands what is going wrong.
Scenario:
We…
Mathieu D
- 21