To select the scope of authentication for users
- Open Active Directory Domains and Trusts.
- In the console tree, right-click the domain node for the domain you want to administer, and then click Properties.
- On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), do one of the following:
- To select the scope of authentication for users authenticating through an external trust, click the external trust that you want to administer, and then click Properties. On the Authentication tab, click either Domain-wide authentication or Selective authentication.
- To select the scope of authentication for users authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties. On the Authentication tab, click either Forest-wide authentication or Selective authentication.
Notes
- To perform this procedure for an external trust, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
- To perform this procedure for a forest trust, you must be a member of the Domain Admins group (in the ) or the Enterprise Admins group in Active Directory, or you must have been the appropriate authority.
- XOX
- For an external trust, if you select Selective authentication, you need to manually enable permissions on the local domain and on the resource to which you want users in the external domain to have access.
- For a forest trust, if you select Selective authentication, you need to manually enable permissions on each domain and resource in the local forest to which you want users in the second forest to have access.
- You can use selective authentication only on external and forest trusts. For more information about selective authentication, see Related Topics.
Related Topics
