分类目录归档:Active Directory

AD DS允许外部用户访问本域Users and Computers的方法

近日给一个Forest级别Trust的Domain设置了Selective Trust,然后跨域访问开始爆炸。AD Administrative Center(dsac.exe)打开就报错( System.Security.Authentication.AuthenticationException )退出;几个MMC Snap-in则不是报告莫名其妙的local error就是提示 Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. 。用Delegation of Control Wizard给外部用户分配所有权限也没有用。

继续阅读