Re: One-way inbound trusts

From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
Date: Mon, 27 Feb 2006 19:53:59 -0600

In article <eCk33P8OGHA.1288@xxxxxxxxxxxxxxxxxxxx>,
"Wowbagger" <none> says...

In our office environment there is an existing domain that everybody uses,
hosted on a server over which I have no control. I want to create a
separate domain on a new server for our own private workgroup complete with
a separate domain, entirely separate from the other.

Will a one-way inbound trust allow any authorized in existingdomain access
newdomain?

If the existing environment is an Active Directory
environment, I just want to caution you that setting up
a new domain/forest is not a casual decision, and should
really be thought over...

Your question is confusing though as to the trust
relationship. If you create a trust so that the new
fiefdom domain trusts the existing account domain, then
accounts from the existing account domain can be
assigned permissions or memberships in domain local
groups in the new fiefdom domain.

Again, I really do not recommend setting up a new
domain. If you do not have control of the domain, it is
probably for a corporate reason, and setting up a new
domain for bypassing this security could be a security
policy issue.

Brian
.

References:
- One-way inbound trusts
  - From: Wowbagger

Prev by Date: One-way inbound trusts
Next by Date: IAS Issue
Previous by thread: One-way inbound trusts
Next by thread: Re: One-way inbound trusts
Index(es):
- Date
- Thread

Relevant Pages

One-way inbound trusts
... In our office environment there is an existing domain that everybody uses, ... hosted on a server over which I have no control. ... a separate domain, ...
(microsoft.public.windows.server.security)
Re: Somehow created subdomain of SBS domain
... I'll probably just get rid of the subdomain, ... > You may still need to describe your reasons for creating a separate Domain ... > though, sometimes a company might do that to isolate security configurations, ... Some machines may have to uninstall, maybe disable Server applications. ...
(microsoft.public.windows.server.sbs)
Re: Domains & Authentication
... >Terminal Server is in a separate domain? ... >account objects and computer account objects reside ... user base you might ...
(microsoft.public.win2000.active_directory)
Re: Domains & Authentication
... Terminal Server is in a separate domain? ... account objects and computer account objects reside ...
(microsoft.public.win2000.active_directory)
Re: Questions about Multiple SBS Domains and users
... Or put dual NICs in the clients, have them physically connected to both networks, and have them use explicit credentials on the secondary network So, to connect to the second SBS network, they would do: ... And as Charlie said..is it just a case of wanting a separate domain for email. ... Cris Hanna [SBS - MVP] ... But if you need to keep them in entirely separate domains, then you're either going to have to move to a full Server 2k3 environment, with two Server 2k3 boxes, no SBS at all to have employees who have accounts with access to both domains. ...
(microsoft.public.windows.server.sbs)