Questions tagged [trust-relationship]
The trust-relationship tag has no usage guidance.
88
questions
6
votes
4
answers
7k
views
Purposefully break trust relationship with Windows Domain
For testing purposes I am trying to purposefully break trust relationships with the Windows Domain. What is the quickest way to kill it off? "Unfortunately", broken trust relationships don't regularly ...
4
votes
1
answer
5k
views
Netlogon - Domain Trust Secure Channel issues - Only on some DCs
We have a 2 domain environment. We were having issues with slow connections, authentication failures, and hung resources only during OFF-PEAK hours when there were very few users logged on.
The ...
2
votes
1
answer
6k
views
Active Directory Authentication Through a Trust and Querying For Users From Trusted Domain
Domain A (Forest Tree Root) (Primary Domain)
Domain B (Direct Outbound) (Direct Inbound)
There is a two way trust between the two Forests Domain A/B. This scenario is used to connect two companies ...
2
votes
1
answer
363
views
Restrict forest-trust to a single DC pair
We have two AD forests with a trust in place. fwDomain has been firewalled from accessing resources in corpDomain.
corpDomain has one DC within the firewall boundary and has the ability to communicate ...
2
votes
1
answer
4k
views
LDAP simple bind to cross-forest Active Directory with 2-way trust
I have two forests (example.local and accounting.local) that have 2-way trust established. On accounting, I can bind using accounting\bind. However, it fails from example.local
ldap_bind: Invalid ...
2
votes
2
answers
4k
views
DC with two-way forest trust does not see objects from another forest
I have 2 forests - domainA.com and domainB.net. There are two-way trust set up on each. When I try search objects located on domainB.net from domainA.com it gives me following error:
The system ...
2
votes
1
answer
5k
views
Does AD one-way trust demand admin priviliges on both domains?
Does AD one-way trust demand admin priviliges on both domains?
Say I'm domain admin for domain A, and I want to give user from domain B access to stuff on domain A, which they can reach by VPN. From ...
2
votes
0
answers
1k
views
Windows client cannot get cross-domain ticket, but a Linux one (from WSL) can
I am trying to and failing to authenticate my Kerberos credentials when doing ssh from a Windows 11 client joined to a Windows Server 2019 domain (let's call it AD.LOCAL) to a Linux host joined to a ...
2
votes
1
answer
2k
views
Universal Groups not working across domain trusts
I have a problem with Universal groups across a trust - membership of the universal group gives rights from one domain in a forest but not from another domain in the same forest - I've set up a test ...
2
votes
0
answers
836
views
Setup keystore and truststore in elastic beanstalk
Im new to AWS, mutual authentication. However I have not setup elastic bean stalk. I am working with a payment API. The organization that has setup the API requires a keystore and trust store to be ...
2
votes
1
answer
1k
views
Creating a cross-forest Trust between two Active Directory Forests hosted on Azure VMs? (separate subscriptions)
I see that it's possible to create a cross-forest Kerberos Trust between an on-premises AD Forest and a Forest hosted on Azure VMs. But is it also possible to create a cross-forest Trust between two ...
2
votes
0
answers
821
views
Slow response time when using ADUC utility to search a trusted domain
Current Setup: I have child 2 domains, one in America (amer.domain.com) and one in Asia (asia.domain.com) in the same forest. Both domains are connected via MPLS links.
In each physical site, there ...
1
vote
5
answers
3k
views
How to establish trust relationship when logging in with the old password and network disabled?
I have two computers in the same domain that I use, recently I changed the domain password on one of them.
When I tried to login with the same account on the other machine I get:
The trust ...
1
vote
1
answer
576
views
DNS configuration for domain trust
I am the DNS administrator for domain1.com. We are setting up a trust with child.domain2.com. This will allow us to resolve all resources in child.domain2.com. There is also a resource in domain2....
1
vote
2
answers
35k
views
Command to check trust relation between 2 domains
Good Day,
Do we have any command where we can check the trust relationship between 2 domains.
Example :
lets consider there is a domains called xyz.1.com and abc.1.com how can we know whether there ...
1
vote
1
answer
5k
views
Apache Guacamole Login with User from DomainA, rdp to Server from DomainB
Overview
We log into Gucamole with a User from DomainA where we select a rdp-connection to a server from DomainB.
Trusts
DomainA to DomainB and vice versa:
Type: External
Kerberos AES Encryption ...
1
vote
1
answer
363
views
Forest trust relationship between WAN and LAN through Pfsense
I'm using Pfsense with 3 interfaces : LAN, DMZ and WAN. The LAN contains my Domain Controller and my main forest of course (abc.com), the DMZ contains some web servers. The other forest is located ...
1
vote
1
answer
1k
views
the trust relationship between this workstation and the primary domain failed windows 7
First of all, I know how to solve this problem.
but I really wonder why this issue has came out ???
I saw just one post that the reason for this error may be the system time difference on both ...
1
vote
1
answer
2k
views
How to use member of trusted domain in GPO?
I have two test domains and one trusts another.
On trusting domain GPO I need to add a group from trusted domain to remote desktop users group which will apply to all computer objects in trusting ...
1
vote
1
answer
1k
views
Cross-Realm-Trust between Active Directory and MIT Kerberos
I am currently in the process of extending my development environment, which used to only run Linux servers so far, by adding machines running Windows Server 2016. The authentication process is ...
1
vote
1
answer
5k
views
Is SID Filtering Enabled?
I ran nltest /domain_trusts and received the following output:
List of domain trusts:
...
1: TESTLAB TESTLAB.COM (NT 5) (Direct Outbound) ( Attr: 0x8 )
I don't understand the attribute field....
1
vote
1
answer
877
views
Proper way to manage privileged admin groups for two trusted Active Directory forests?
The scenario is:
There are two domains (DomA and DomB) with a trust relationship. The relationship is forest wide with the exception that DomA can access resources in DomB, but users in DomB should ...
1
vote
1
answer
57
views
Server frequently hangs, my client wants me to do X while the proper solution is Y
This question is more on etiquette rather than an actual server issue.
2 servers owned by a client of mine frequently stop responding (Fast, then really sluggish as in it takes 1 minute to execute ls,...
1
vote
0
answers
233
views
Problems with netdom trust
First, I want to create a one way forest trust with this command on the "main.adds" domain :
netdom trust main.adds /Domain:second.adds /Add /UserD:SECOND\administrator /PasswordD:* /UserO:...
1
vote
1
answer
101
views
Unable to rename the DN using trusted domain user credentials
I have two AD in which two-way trusts relationship(forest and transitive) exists. Trusted domain are trust1.com and trust2.com.
I created a AD-User(TEST1) in trust2.com using administrator ...
1
vote
0
answers
235
views
Forest trust: SPN mismatch for non-fully-qualified name
Setup
All computers running Windows Server 2019.
Domain A
Item
Value
Fully Qualified
Domain Name
DomainA
DomainA.local
User
UserA
[email protected]
Server
FileServer
FileServer.DomainA.local
...
1
vote
1
answer
506
views
Active Directory trust fails (AWS Managed AD)
I've created AWS managed AD and try to create trust with my on-prem. After a lot of tries and solid research on the internet I keep getting this error :
The remote domain ***** is not reachable. ...
1
vote
1
answer
193
views
Active Directory 2016 trust issues
I am trying to set up a forest trust and use ADMT to migrate users using this set of instructions; ADMT Instructions . I am having issues getting the two-way trust to work. Domain A (testad.domain....
1
vote
1
answer
776
views
GPO and Security Groups in multiple domain
I have 2 forests, each with one domain with a bidirectional trust.
I have created security groups in forest A, to access folders, where I have added both users from forest A and B, the accesses are ...
1
vote
0
answers
193
views
How do you monitor an external domain trust?
We have multiple external domain trusts with different companies, and while I know how to validate the trust in "Windows Domains and Trusts", I am wondering if anyone knows how to monitor it ...
1
vote
0
answers
28
views
\\machinename cannot open network share while \\ipaddress work in cross domain
We have established a two-way trusted domain environment. All servers are Windows Server 2019. In server1.domainA.com there is shared drive. In server2.domainB.com, we tried to browse with \\server1 ...
1
vote
0
answers
478
views
Unable To Establish a Two Way Trust Between AWS AD DS and a Dedicated AD Server
I have a bit of a unique situation, I have a series of AWS servers that all have Active Directory installed on them (DNS and a bunch of other things too) and are Domain Controllers, I'm trying to ...
1
vote
1
answer
123
views
How to know the origin of a certificate on a windows PC (Especially Win 10 embedded LTSB)
I have a specific type of problem but maybe someone have a hint for me:
We have some systems with special PCIe-Hardware for which we wrote and signed a driver. One certificate in the path of trust is ...
1
vote
0
answers
1k
views
How to set up Linux AD Authentication to Trusted Domain
I have successfully joined a CentOS 7 server to a Windows Server 2012R2 domain: domain1.local. This domain hosts test server objects that we've created for experimentation.
domain1.local is the ...
1
vote
0
answers
107
views
Can we use Forest Trust or ADFS to address administrative cost of disconnected AD users in Forest A with mailboxes in Forest B
Scenario:
We currently have two domains under two forests ABC.com AND DEF.com each with their own exchange 2016 instance. We need to migrate mailboxes from ABC.com to DEF.com but we still want ABC....
1
vote
1
answer
3k
views
Reading windows nltest /server /domain_trust output
I'm looking to get a quick accounting of how many trusts we have in our AD environment so I used nltest /server:<domain controller host> /domain_trusts /all_trusts
It's easy enough to figure ...
1
vote
0
answers
171
views
Can I create a child forest without domain admin in the parent forest?
I'm completely new to the Windows Server/AD thing. I'm a linux guy at heart and trying this Windows stuff is mind-boggling.
I have an existing AD domain that I don't manage and is out of my control ...
1
vote
0
answers
738
views
RDP connection gives black screen to users from different forest
I run a virtual Windows Server 2016 machine on Microsoft Azure. This machine is joined to a forest A. Forest A is in a bidirectional trust relationship with forest B.
If I RDP to this machine with a ...
1
vote
0
answers
91
views
How do you configure sid name lookup over a network trust for historical sids
I have the following problem with sid to name lookups.
Domain A has been migrated to Domain B with sid history.
Users in Domain B have their primary Domain B sid and a historical sid from Domain A.
...
1
vote
0
answers
854
views
One way external trust between domains
My company sells software solutions to customers and as part of the delivery we also provide the hardware and configuration.
Despite on paper all the hardware and operating systems belonging to the ...
1
vote
0
answers
415
views
Trust relationship not working in Windows server 2012?
Error: you don't have proper trust relationship with this workstation.
I have two different forests, XYZ.com and ABC.com. I have made two way trust relationship between these forests with conditional ...
1
vote
0
answers
322
views
Windows Server 2012R2 -> Trusted Root CA Store (Local Computer) not listed in SERVER HELLO / CERTIFICATE Request filed of TLS1.2 handshake
my company developed a .net based application (relying on SChannel) aimed at performing TLS1.2 mutual authentication between 2 instances of the same SW, one acting as client and the other one as ...
1
vote
2
answers
801
views
Setup Domain Trust fictitious domains on dynamic IP's with Windows Server 2008 R2
Have a customer with two separate offices / companies, eg:
domainone.local (Windows Server 2008 R2)
domaintwo.pvt (Windows Server 2008)
Each office has a dynamic IP when connecting to the internet.
...
0
votes
3
answers
4k
views
Re-establishing the Trust Relationship [closed]
I am on a network where communication is done through static IPs.
On a fairly regular basis I need to swap machines, that is to say unplug a machine, lets say: 10.50.5.1 and plug in a new machine in ...
0
votes
2
answers
120
views
Network share with an untrusted domain
We have a network share on a Windows Server 2022 which hosts a number of both "production" files as well as development files. We have two domains - a prod domain (ex. "prod.local")...
0
votes
1
answer
542
views
Establishing security trust between two domains without VPN
We have a company we recently acquired and we would like for them to access our SQL Server Analysis Services (via Excel file) on our company's domain. They are external users with separate Windows ...
0
votes
1
answer
507
views
Not able to "Run As" any application on a server in the TRUSTING domain using an account from the TRUSTED domain
There are two domains: "dom1" and "dom2".
"dom1" is the trusting domain.
"dom2" is the trusted domain.
I.e. there is a one way trust where domain "dom1" trusts domain "dom2".
Servers joined to ...
0
votes
1
answer
5k
views
How can I set the 'The other domain supports Kerberos AES Encryption' setting programmatically?
In the GUI (Active Directory Domains and Trusts MMC Snap-in (domain.msc)), you can set the "The other domain supports Kerberos AES Encryption" setting for a trust relationship:
I am looking ...
0
votes
1
answer
2k
views
How can I delete an outgoing trust on Windows Server when an internal error occurs?
Unfortunately, the Active Directory Domains and Trusts MMC Snap-in (domain.msc) lets you create an outgoing trust to a Domain Controller (in other words: specifying the name of a Domain Controller as ...
0
votes
1
answer
935
views
Restrict AD logon between child domains
Let's say that we have 3 domains (and 3 DC's) where contoso.local is the root domain, dep1.contoso.local is a child domain of contoso.local and dep2.contoso.local is another child domain of contoso....