Select the scope of authentication for users

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To select the scope of authentication for users

  1. Open Active Directory Domains and Trusts.

  2. In the console tree, right-click the domain node for the domain you want to administer, and then click Properties.

  3. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), do one of the following:

    • To select the scope of authentication for users authenticating through an external trust, click the external trust that you want to administer, and then click Properties. On the Authentication tab, click either Domain-wide authentication or Selective authentication.

    • To select the scope of authentication for users authenticating through a forest trust, click the forest trust that you want to administer, and then click Properties. On the Authentication tab, click either Forest-wide authentication or Selective authentication.

Notes

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To perform this procedure for a forest trust, you must be a member of the Domain Admins group (in the forest root domain) or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority.

  • To open Active Directory Domains and Trusts, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Domains and Trusts.

  • For an external trust, if you select Selective authentication, you need to manually enable permissions on the local domain and on the resource to which you want users in the external domain to have access.

  • For a forest trust, if you select Selective authentication, you need to manually enable permissions on each domain and resource in the local forest to which you want users in the second forest to have access.

  • You can use selective authentication only on external and forest trusts. For more information about selective authentication, see Security Considerations for Trusts.
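To review the setting this procedure changes across many trusts at once, the following added example (not part of the original page) decodes the trustType and trustAttributes values of a trust into the scope shown on the Authentication tab. The bit values come from Microsoft's [MS-ADTS] specification rather than from this page; Get-TrustAuthScope is a hypothetical helper and the sample trusts are constructed.

```powershell
# Bit values of the trustAttributes attribute on a trustedDomain object ([MS-ADTS]).
$FOREST_TRANSITIVE  = 0x08   # the trust is a forest trust
$CROSS_ORGANIZATION = 0x10   # selective authentication is enabled
$WITHIN_FOREST      = 0x20   # both domains belong to the same forest

# Hypothetical helper: classify one trust and report its scope of authentication.
function Get-TrustAuthScope {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $TrustType,       # 1 or 2 = Windows domain, 3 = Kerberos realm
        [Parameter(Mandatory)] [int]    $TrustAttributes
    )
    # Default: an external trust without selective authentication.
    $kind  = 'External'
    $scope = 'Domain-wide authentication'
    if ($TrustType -eq 3) {
        # Selective authentication exists only on external and forest trusts.
        $kind = 'Realm'; $scope = 'Not applicable'
    } elseif ($TrustAttributes -band $WITHIN_FOREST) {
        $kind = 'Intra-forest'; $scope = 'Not applicable'
    } else {
        if ($TrustAttributes -band $FOREST_TRANSITIVE) {
            $kind = 'Forest'; $scope = 'Forest-wide authentication'
        }
        if ($TrustAttributes -band $CROSS_ORGANIZATION) {
            $scope = 'Selective authentication'
        }
    }
    [pscustomobject]@{ Name = $Name; Kind = $kind; Scope = $scope }
}

# Constructed sample data, not read from any real directory.
$sampleTrusts = @(
    @{ Name = 'partner.example';    TrustType = 2; TrustAttributes = 0x00 },
    @{ Name = 'vendor.example';     TrustType = 2; TrustAttributes = 0x10 },
    @{ Name = 'corp2.example';      TrustType = 2; TrustAttributes = 0x08 },
    @{ Name = 'merger.example';     TrustType = 2; TrustAttributes = 0x18 },
    @{ Name = 'child.corp.example'; TrustType = 2; TrustAttributes = 0x20 },
    @{ Name = 'UNIX.EXAMPLE';       TrustType = 3; TrustAttributes = 0x01 }
)
$report = foreach ($t in $sampleTrusts) { Get-TrustAuthScope @t }
$report | Format-Table -AutoSize

# External and forest trusts that do not use selective authentication.
$report | Where-Object { $_.Scope -like '*-wide authentication' } | Format-Table -AutoSize
```

On a live domain, the same two values are stored on the trustedDomain objects in the domain's System container.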

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

  • Accessing resources across forests

  • Accessing resources across domains

  • Forest trusts

  • Create an external trust

  • Trust types

  • Trust direction