Windows Server 2008 cross forest trust


















Published RemoteApps did not appear or respond. Renaming references to the location of MSIs for distribution was insufficient. It did not work. Applications that used to run on the server failed to run. An example is Sage Business Works, our accounting package.

We were forced to go to the bare-metal restore option. It worked perfectly, without a single blip. Good work on that one, Microsoft. Nevertheless, we find it kind of weird that we can't have a cross-forest trust without rebuilding our server from the ground up. At Microsoft, I spoke with an engineer who felt that the uniqueness of the FQDNs on each side of the pipe should suffice to establish the trust, despite the duplicate machine names.

If anyone knows a way to make this work, I would love to know how.

Frank Kyosho Fallon Zen Mt.
Saturday, February 5, PM.

Our business unit has been bought out by an external entity. They have servers (including domain controllers) in their head office data centre (domain A).

Question - What would we need to do on workstations and servers to:

- Allow users from domain A (HQ) to log in to workstations at their new overseas office (domain B joined workstations) with their normal domain A credentials
- Still allow the existing domain B users to log in and use their workstations as usual (existing domain B Active Directory accounts can use domain B workstations as before)?

What is your question? You appear to have forgotten to ask one.

You'll need a Trust - technet.

Thanks - does this need to be single direction or bidirectional?

At this point I'd suggest reading up on it at the provided link and coming back with specific implementation questions. Providing an answer for your comment would be doing your work for you. Also, we can't tell you what type of Trust you need that will suit the operational needs and the security paradigm of your organization. Only you can answer that.

Joe's got the right answer and should have posted it as an answer.

You can't add your domain to their forest. A two-way trust is required for domain B users to log in to domain A workstations, not a stated requirement but a likely next question.

When a Kerberos ticket is issued, an Active Directory domain controller logs the following security events. The events contain information about the target domain.

You can use the events to determine whether unconstrained delegation is being used across incoming trusts. Note: Check for events that contain a TargetDomainName value that matches the trusted domain name. When unconstrained delegation is disabled, applications may have compatibility issues with these changes if the applications rely on unconstrained delegation. These applications should be configured to use constrained delegation or constrained delegation that is resource-based.

For more information, see Kerberos Constrained Delegation Overview. Applications that rely on round-trip authentication across trusts are not supported by using constrained delegation. For example, a delegation fails if a user in Forest A authenticates to an application in Forest B and the application in Forest B is trying to delegate a ticket back to Forest A. Consider investigating separately.
