Tag: ACTIVEDIRECTORY

Cross forest authentication

Anyone installed a forest trust before.. probably else you would not be reading this post.. how does authentication work in a forest trust?

Well there are two authentication mechanisms in Windows NTLM and Kerberos, both can be used in a forest trust, and both work differently. Setting it up brought me the following authentication schema..

Read more

Kerberos PAC validation

 
basically, all Kerberos tickets in windows have a PAC (that holds all the groups of the identity). If the resource that is accessed is NOT running under system account (but user/service), the resource will issue a verification of the PAC at the nearest domain controller. That DC will verify the PAC load and will give the green light.
 

Cross-forest Authenticate in VBS

So the problem:

All mailboxes of the users are migrated to a central Exchange server, comming from various Exchange 5.5/2003/2003 mailservers (contact me if you want to know how 🙂 ) . and mailboxes where cloned.. now the client needs to be pointed to the new exchange server else Outlook will not work. The challenge, how do you change your mapi profile.

We had 4 scenario’s

1: The domain is NT4 no trust or no domain at all!
2: The domain the user is in, has a trust with the Exchange domain
3 The domain the user is in is a Windows 2000/2003/2008 domain no trust
4: The user is in the domain

Read more