When creating a trust, it is possible to convert the trust into a one-way incoming trust after adding users. As a result, the users can only authenticate on the domain. If new users have to be added, a two-way trust will have to be set up again.
SOFTapp Engineer nodig
For the addition of users ALWAYS first have to set up a two-way trust. Once users have been added, the trust can be converted into a one-way trust.
The one-way trust will be created with SoftApp distribution as one-way outgoing. In this case, a time has to be set up with a SoftApp engineer to enter the administration data to make the trust operational.
Choices
| What | Options | Explanation |
|---|---|---|
| Authentication trust level |
| All users in the AD forest can log in to Skype for Business if an account is created for it. |
| Users can only register if they are in a certain group that has the correct rights.
|
Add users
With a one-way trust, users can only be added by entering them manually. This is due to the fact that the users can not be read by SoftApp distribution. The one-way trust only grants rights to forward the authentication request. To add users certain variables have to be supplied.
This concerns the following user data:
Attribute | Information to be provided |
|---|---|
ObjectSID * | |
telephoneNumber | |
sweatshirts * | |
givenName * | |
Surname * | |
physicalDeliveryOfficeName | |
l (city) | |
st (state) | |
Country | |
Title | |
Mail* | |
Company | |
thumbnailphoto | |
manager | |
Department |
* = mandatory value
The values can be found on an Active Directory user.
- Open Active Directory Users and Computers
- Enable advanced features under the tab view
- Right-click on a specific user and click on properties
- Go to the attribute editor to find the values.
All values with a * are mandatory and must be passed on for the functionality. Other values are profile data of the user.
[1] https://technet.microsoft.com/en-us/library/cc816731(v=ws.10).aspx