Melvin, I'm not sure about Federation. I'll toss out the idea of a RODC, that might be possible.
Thanks,
Eric

On Thu, Dec 8, 2016 at 11:00 AM, Melvin Backus <[email protected]> wrote:

> Just spitballing here, but would federation help that? Or put an RODC
> for company.corp on location at custproj.corp
>
> --
> There are 10 kinds of people in the world...
> those who understand binary and those who don't.
>
> *From:* [email protected] [mailto:listsadmin@lists.myitforum.com] *On Behalf Of* Eric Wittersheim
> *Sent:* Thursday, December 8, 2016 11:36 AM
> *To:* [email protected]
> *Subject:* [NTSysADM] External trust issue
>
> I have an interesting project that I'm working on and I believe I have hit
> a snag that is going to throw a big monkey wrench in the deal.
>
> Here is what I have to work with.
>
> 2 domains in separate forests.
>
> Company.corp
>
> CustProj.corp
>
> I have created a one way trust that allows users from Company.corp to
> authenticate to users in CustProj.corp. Inside of CustProj.corp there are
> a number of servers that users can authenticate using Company.corp
> credentials. The rub is when a user is logging into server1.CustProj.corp
> using Company.corp credentials the authentication request goes to a DC in
> Company.corp. This I believe is by design from Microsoft but requirements
> for this project dictate that there cannot be authentication requests from
> [servers].CustProj.corp to any DCs at Company.corp. The hope was to have
> the DC at CustProj.corp relay the auth requests on behalf of the client.
> Is there any way to force this? Am I missing something that I can set this?
> Any ideas or third party products that might help?
>
> Eric

