Active Directory Cross-domain Authentication


The user Smith is authenticated on domain office.contoso.com. This domain is in trust with hosted.contoso.com and provides the user Smith with a ticket for host1.hosted.contoso.com.

In other words: The user is authenticated in its own domain (the other domain can't verify). So when the user connects to a foreign domain, the DC creates a valid ticket for the other domain (if trusted domains). So in your example, host1 doesn't need to see dc.office, but dc.office needs a connection to dc.hosted.

Also have a look at http://blogs.msdn.com/anthonw/archive/2006/08/02/686041.aspx


Author: James Hawkwind

Database Administration Supervisor

Updated on September 17, 2022

Comments

  • James Hawkwind over 1 year

    When a workstation or server attempts to authenticate a user on another domain, does the workstation or server contact the other domain's DC directly to authenticate after contacting the local domain DC? Or does the local domain DC do the authentication request on behalf of the workstation?

    Example:
    I currently have two domains.
    Domain hosted.contoso.com and office.contoso.com.
    All users are created in the office.contoso.com domain, so a user [email protected] wants to log in to a machine host1.hosted.contoso.com. Does host1.hosted.contoso.com need to have visibility to domain-control.office.contoso.com directly?

    • Massimo over 14 years
      +1, always wanted to know that...