Trust, SID history and workstation related questions

Hi,

As per the discussions in an earlier post, workstation criteria matter in authentication as long as there is a trust from the source domain to the target domain and a target user wants to log in on a source-domain-joined workstation. However, with the same trust direction (Source -> Target), if a target user wants to log in on a target-domain-joined workstation, then the trust plays no role in authentication. So, if I understand correctly, workstation domain membership matters in authentication only with respect to the presence of a trust and the trust direction criteria. So it means workstation domain membership does not matter independently.

Related question with respect to trust and SID history

Question: 

Part 1: I read a Quest support article, and it mentioned that in order to migrate SID history, a trust is mandatory from the source domain to the target domain. What is the technical reason behind that? Migrating SID history does not require disabling SID filtering or quarantine settings of the trust in the first place. Am I right?


Part 2: Suppose there is a trust from source -> target. Assuming no SID history, if a newly created target user is a member of a source domain local group and wants to access a resource (ACL with the source domain local group), then I don't need to care about SID filtering or quarantine settings of the trust in this scenario. I mean there is no need to disable SID filtering or quarantine settings of the trust in this scenario. Am I right?

It means that disabling SID filtering or quarantine settings is only required in case of accessing resources using ONLY SID history (not the target user SID) across the trust. Am I right? It means the direction for a one-way trust to support SID history access to resources on source-domain-joined servers is always opposite to the trust direction. Am I right?

Looking forward to a prompt reply.

  • workstation criteria matter in authentication as long as there is a trust from the source domain to the target domain and a target user wants to log in on a source-domain-joined workstation. However, with the same trust direction (Source -> Target), if a target user wants to log in on a target-domain-joined workstation, then the trust plays no role in authentication. So, if I understand correctly, workstation domain membership matters in authentication only with respect to the presence of a trust and the trust direction criteria. So it means workstation domain membership does not matter independently.

    Hi,

    Please address the above-quoted statements as well.
