Stap 4b: One-way trust
- Maarten Meijer
When creating a trust, it is possible to convert the trust into a one-way incoming trust after adding users. As a result, the users can only authenticate on the domain. If new users have to be added, a two-way trust will have to be set up again.
TVO365 support required
For the addition of users ALWAYS first have to set up a two-way trust. Once users have been added, the trust can be converted into a one-way trust.
The one-way trust will be created with SoftApp distribution as one-way outgoing. In this case, a time has to be set up with a SoftApp engineer to enter the administration data to make the trust operational.
Choices
What | Options | Explanation |
|---|---|---|
Authentication trust level |
| All users in the AD forest can log in to Skype for Business if an account is created for it. |
|
| Users can only register if they are in a certain group that has the correct rights. |
Add users
With a one-way trust, users can only be added by entering them manually. This is due to the fact that the users can not be read by SoftApp distribution. The one-way trust only grants rights to forward the authentication request. To add users certain variables have to be supplied.
This concerns the following user data:
Attribute | Information to be provided |
|---|---|
ObjectSID * |
|
telephoneNumber |
|
sweatshirts * |
|
givenName * |
|
Surname * |
|
physicalDeliveryOfficeName |
|
l (city) |
|
st (state) |
|
Country |
|
Title |
|
Mail* |
|
Company |
|
thumbnailphoto |
|
manager |
|
Department |
|
* = mandatory value
The values can be found on an Active Directory user.
Open Active Directory Users and Computers
Enable advanced features under the tab view
Right-click on a specific user and click on properties
Go to the attribute editor to find the values.
All values with a * are mandatory and must be passed on for the functionality. Other values are profile data of the user.
[1] https://technet.microsoft.com/en-us/library/cc816731(v=ws.10).aspx