Hello PETERHODES,
Thanks for the feedback.
Please note that Chat-GPT can sometimes make mistakes, and it’s essential to cross-reference with reliable sources.
The Microsoft documentation clearly states that “A one-way trust is a unidirectional authentication path created between two domains. In a one-way trust between Domain A and Domain B, users in Domain A can access resources in Domain B. However, users in Domain B can’t access resources in Domain A.”
The documentation from Microsoft that supports this statement can be found at the following:
- https://learn.microsoft.com/en-us/entra/identity/domain-services/concepts-forest-trust
- https://learn.microsoft.com/en-us/answers/questions/75639/question-regarding-setting-up-a-one-way-forest-tru
- https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-forest
Our correct answers are supported by this document: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-forest
In the scenario where on-premises users need access to cloud resources but not vice versa, the following configurations need to be implemented:
– On-premises trust: One-way, incoming
– Cloud trust: One-way, outgoing
Therefore, the correct answers are:
– Using AWS Directory Service, set up an AWS Managed Microsoft AD to manage the RDS databases and EC2 instances.
– Set up a one-way incoming trust in the existing on-premises Active Directory and a one-way outgoing trust in the new Active Directory in AWS.
I hope this helps!
Regards,
JR @ Tutorials Dojo - https://learn.microsoft.com/en-us/entra/identity/domain-services/concepts-forest-trust
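As an added illustration that is not part of the reply above, the following Python snippet generalises the rule the reply applies: the domain that holds the resources is the trusting domain, so its side of the trust is configured outgoing, while the domain that holds the user accounts is the trusted domain and its side is incoming. It then assembles the parameters for the AWS Directory Service `CreateTrust` API (via boto3) for the AWS Managed Microsoft AD side. The directory ID, domain names, forwarder IP and password are constructed placeholders; the boto3 call itself is only made when you explicitly invoke `create_trust`.

```python
"""
Added example (not from the original forum reply): derive the trust
direction each side of a forest trust needs, given which domain holds the
accounts and which holds the resources, then build the parameters for the
AWS Directory Service CreateTrust call on the AWS Managed Microsoft AD side.
All identifiers below (directory ID, domain names, IPs, password) are
constructed placeholders.
"""
from __future__ import annotations

# TrustDirection values accepted by the Directory Service CreateTrust API.
OUTGOING = "One-Way: Outgoing"
INCOMING = "One-Way: Incoming"
TWO_WAY = "Two-Way"


def trust_directions(account_domain: str, resource_domain: str,
                     mutual: bool = False) -> dict[str, str]:
    """Return {domain: direction} so that users in account_domain can reach
    resources in resource_domain.

    The resource domain *trusts* the account domain, so it is the trusting
    side and its trust is outgoing; the account domain is the trusted side
    and its trust is incoming.  With mutual=True both sides are two-way.
    """
    if account_domain == resource_domain:
        raise ValueError("a trust joins two different domains")
    if mutual:
        return {account_domain: TWO_WAY, resource_domain: TWO_WAY}
    return {resource_domain: OUTGOING, account_domain: INCOMING}


def build_create_trust_params(aws_directory_id: str, remote_domain: str,
                              direction: str, forwarder_ips: list[str],
                              trust_password: str) -> dict:
    """Keyword arguments for boto3 `ds.create_trust` on the AWS side."""
    if direction not in (OUTGOING, INCOMING, TWO_WAY):
        raise ValueError(f"unsupported trust direction: {direction!r}")
    return {
        "DirectoryId": aws_directory_id,
        "RemoteDomainName": remote_domain,
        "TrustPassword": trust_password,
        "TrustDirection": direction,
        "TrustType": "Forest",
        # DNS of the on-premises forest must resolve from the AWS directory.
        "ConditionalForwarderIpAddrs": list(forwarder_ips),
        # Selective authentication limits which remote principals can use
        # the trust; it is a least-privilege setting, enabled here on purpose.
        "SelectiveAuth": "Enabled",
    }


def create_trust(params: dict, region: str = "us-east-1") -> str:
    """Create the trust with boto3 (requires AWS credentials; not run in tests)."""
    import boto3  # imported lazily so the module works without boto3 installed
    ds = boto3.client("ds", region_name=region)
    return ds.create_trust(**params)["TrustId"]


def scenario_params() -> dict:
    """The reply's scenario: on-prem users need access to AWS-hosted resources."""
    on_prem = "corp.example.com"        # placeholder on-premises forest
    aws = "aws.example.com"             # placeholder AWS Managed Microsoft AD
    directions = trust_directions(account_domain=on_prem, resource_domain=aws)
    return build_create_trust_params(
        aws_directory_id="d-0000000000",          # placeholder directory ID
        remote_domain=on_prem,
        direction=directions[aws],                # outgoing on the AWS side
        forwarder_ips=["10.0.0.10"],              # placeholder on-prem DNS IP
        trust_password="PLACEHOLDER-TRUST-PASSWORD",
    )


if __name__ == "__main__":
    for domain, direction in trust_directions("corp.example.com",
                                              "aws.example.com").items():
        print(f"{domain}: {direction}")
    print(scenario_params())
```

Running the module prints the per-domain directions for the reply's scenario (on-premises incoming, AWS outgoing) followed by the `CreateTrust` parameters; the on-premises side of the trust is still configured with the Windows tooling as the reply describes.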