Home

ADFS WAP Cross Domain constrained delegation

Highlighted
Peter Holland
Contributor

Hi,

 

I have an interesting scenario and i'm not entirely sure on whether this will actually work or not, my current theory is not.

Also, apologies if this isnt the correct community for WAP discussion, couldnt see anywhere else appropriate

 

WAP and ADFS in Domain A in Forest 1, users in Domain B in Forest 2, however there is a direct domain trust rather than a forest trust.

 

Can you do KCD cross domain, to another forest, without a forest trust?

 

Reading through the documentation for WAP KCD everything states forest trust, reading through the documentation for S4u2Proxy it seems like it maybe should work, but is a little wooly about the path of the kerberos token and the flow of trust.

 

Any input appreciated, especially if it comes before i have to lab it.

 

thanks

 

Pete

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
16 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
11 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
*Updated 9/3* Syncing in Microsoft Edge Preview Channels
Elliot Kirk in Articles on
217 Replies