Bij het aanmaken van een trust kan er voor gekozen om na het toevoegen van gebruikers de trust om te zetten in een When creating a trust, it is possible to convert the trust into a one-way incoming trust . Daardoor kunnen de gebruikers alleen nog maar authenticeren op het domein. Als er nieuwe gebruikers toegevoegd moeten worden zal er weer een two-way trust opgezet moeten wordenafter adding users. As a result, the users can only authenticate on the domain. If new users have to be added, a two-way trust will have to be set up again.
| Warning | ||||
|---|---|---|---|---|
| Voor het toevoegen van gebruikers moet ALTIJD eerst een
| |||
For the addition of users ALWAYS first have to set up a two-way trust opgezet worden. Als gebruikers zijn toegevoegd kan de trust worden omgezet naar een . Once users have been added, the trust can be converted into a one-way trust. |
...
Open Active Directory Domains and Trusts.
...
In the console tree, right-click the domain node for the forest root domain of the forest for which you want to establish an incoming forest trust, and then click Properties.
...
On the Trusts tab, click New Trust, and then click Next.
...
On the Trust Name page, type the Domain Name System (DNS) name of the forest root domain of the other forest, and then click Next.
...
On the Trust Type page, click Forest trust, and then click Next.
...
On the Direction of Trust page, click One-way: incoming, and then click Next.
For more information about the selections that are available on the Direction of Trust page, see "Direction of Trust" in Appendix: New Trust Wizard Pages.
...
On the Sides of Trust page, click This domain only, and then click Next.
For more information about the selections that are available on the Sides of Trust page, see "Sides of Trust" in Appendix: New Trust Wizard Pages.
...
On the Trust Password page, type the trust password twice, and then click Next.
...
On the Trust Selections Complete page, review the results, and then click Next.
...
On the Trust Creation Complete page, review the results, and then click Next.
On the Confirm Incoming Trust page, do one of the following:
...
The one-way trust will be created with SoftApp distribution as one-way outgoing. In this case, a time has to be set up with a SoftApp engineer to enter the administration data to make the trust operational.
Choices
| What | Options | Explanation |
|---|---|---|
| Authentication trust level |
| All users in the AD forest can log in to Skype for Business if an account is created for it. |
| Users can only register if they are in a certain group that has the correct rights.
|
Add users
With a one-way trust, users can only be added by entering them manually. This is due to the fact that the users can not be read by SoftApp distribution. The one-way trust only grants rights to forward the authentication request. To add users certain variables have to be supplied.
This concerns the following user data:
Attribute | Information to be provided |
|---|---|
ObjectSID * | |
telephoneNumber | |
sweatshirts * | |
givenName * | |
Surname * | |
physicalDeliveryOfficeName | |
l (city) | |
st (state) | |
Country | |
Title | |
Mail* | |
Company | |
thumbnailphoto | |
manager | |
Department |
* = mandatory value
The values can be found on an Active Directory user.
- Open Active Directory Users and Computers
- Enable advanced features under the tab view
- Right-click on a specific user and click on properties
- Go to the attribute editor to find the values.
All values with a * are mandatory and must be passed on for the functionality. Other values are profile data of the user.
[1] https://technet.microsoft.com/nlen-nlus/library/cc816731(v=ws.10).aspx