Securing Domain and Forest Trusts

Applies To: Windows Server 2008, Windows Server 2008 R2

When you create a new trust in an existing forest in Active Directory Domain Services (AD DS), all communications over that trust are tightly secured. However, a trust between your domain and a domain outside your forest raises additional security issues. For example, you might need to configure security identifier (SID) filtering to deny one domain the right to provide credentials for another domain. You can enable or disable SID filtering for external trusts or forest trusts.

This section includes the following tasks for securing domain and forest trusts:

For more information about how the security settings for domain and forest trusts work, see Security Considerations for Trusts (https://go.microsoft.com/fwlink/?LinkId=111846).