
Setting Selective Authentication

May 10th, 2010


Recall from Chapter 4 that you can set selective authentication when you create an external or forest trust by using the New Trust Wizard. You can also set selective authentication for an existing external or forest trust by using the Active Directory Domains And Trusts console.

To set selective authentication for an external or forest trust, complete the following steps:

1. Click Start, point to Administrative Tools, and then click Active Directory Domains And Trusts.

2. In the console tree, right-click the domain node for the domain you want to administer, and then click Properties.

3. On the Trusts tab, under either Domains Trusted By This Domain (Outgoing Trusts) or Domains That Trust This Domain (Incoming Trusts), do one of the following:

   - Click the external trust that you want to administer, and then click Properties. On the Authentication tab, click Selective Authentication, and then click OK.

   - Click the forest trust that you want to administer, and then click Properties. On the Authentication tab, click Selective Authentication, and then click OK.

4. In the Properties dialog box for the domain, click OK.

5. Manually enable permissions on each domain and resource in the local domain or forest to which you want users in the second domain or forest to have access.
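To confirm the setting across every trust rather than opening each Properties dialog, the following added example (not part of the original text) reports external and forest trusts and flags those without selective authentication. It assumes the ActiveDirectory PowerShell module and its Get-ADTrust cmdlet are available; the function name Get-TrustAuthenticationReport is hypothetical.

```powershell
# Added example: report external and forest trusts and whether each one
# uses selective authentication.
# Assumption: the ActiveDirectory module (RSAT) is installed and the
# account running the script can read the domain's trust objects.
Import-Module ActiveDirectory

function Get-TrustAuthenticationReport {
    param(
        # Domain to inspect; defaults to the current user's domain.
        [string]$Server = $env:USERDNSDOMAIN
    )

    Get-ADTrust -Filter * -Server $Server |
        # Selective authentication applies only to external and forest
        # trusts, so skip parent-child and tree-root trusts in the forest.
        Where-Object { -not $_.IntraForest } |
        ForEach-Object {
            $kind = if ($_.ForestTransitive) { 'Forest' } else { 'External' }

            # Users of the partner domain authenticate here when this domain
            # is the trusting side: an outgoing or two-way trust.
            $trusting = "$($_.Direction)" -in 'Outbound', 'BiDirectional'

            [pscustomobject]@{
                Partner                 = $_.Name
                Kind                    = $kind
                Direction               = "$($_.Direction)"
                SelectiveAuthentication = [bool]$_.SelectiveAuthentication
                # True when partner users can authenticate to resources here
                # without the per-resource permissions described in step 5.
                NeedsReview             = $trusting -and -not $_.SelectiveAuthentication
            }
        }
}

# Trusts that need review are listed first.
Get-TrustAuthenticationReport |
    Sort-Object NeedsReview -Descending |
    Format-Table -AutoSize
```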

When a user authenticates across a trust with selective authentication enabled, an Other Organization security ID (SID) is added to the user's authorization data. The presence of this SID prompts a check on the resource domain to ensure that the user is allowed to authenticate to the particular service. Once the user is authenticated, if the Other Organization SID is not already present, then the server adds the This Organization SID. Only one of these special SIDs can be present in an authenticated user's context.

Administrators in each domain or forest can add objects from one domain to ACLs on shared resources in the other domain or forest. You can use the ACL editor to add or remove objects residing in one domain or forest to ACLs on resources in the other domain.

