Trusts between austin.utexas.edu and other Windows domains
Temporary one-way trusts for migrating to Austin Active Directory
Generally, only temporary, one-way, non-transitive trusts are permitted between austin.utexas.edu and other Windows domains. The following restrictions apply to these trusts:
- Only University of Texas at Austin schools, departments, and affiliated units operating Windows domains may be considered for a trust.
- Trusts are normally only established to facilitate migration to Austin Active Directory.
- The trusting Windows domain must run Windows Server 2000 SP4 or higher.
Please note that two-way trusts will NOT be established.
For temporary trusts established to facilitate migration to Austin Active Directory, follow these procedures to apply for a trust:
- Complete an Information Security Office Security Exception Report. This must be approved by the ITS Systems Director and the Information Security Office (ISO) before the trust can be established.
- Document the scope and timeline for the migration. This must also be approved before the trust is established.
- Provide ITS with monthly status reports including progress and remaining migration activities.
- Designate a department technical and management contact.
Once a trust has been approved, a termination date will be specified and the trust will end on that date. A one-way trust can be established for a maximum of 90 days. Any extension will require resubmission and re-approval of the Security Exception Report, as well as completion of the migration scope and timeline documentation.
NOTE: On a Windows computer that is a member of austin.utexas.edu, the "Authenticated Users" built-in group includes accounts from austin.utexas.edu and accounts from any domain that holds a two-way trust with austin.utexas.edu. Therefore, the "Authenticated Users" group should be used with discretion. Use the "Domain Users" built-in group to limit permissions on a resource to only users that are affiliated with The University of Texas at Austin.
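One way to locate resources where "Authenticated Users" has been granted access, so each entry can be reviewed and, where appropriate, replaced with "Domain Users". This is an added example, not part of the original page; the `$Root` path and the function name `Get-AuthenticatedUsersAce` are hypothetical.

```powershell
# Added example: report explicit NTFS "Allow" entries for Authenticated Users.
param(
    [string]$Root = 'D:\Shares\Department'   # hypothetical path; set to the tree to review
)

# Well-known SID of the built-in "Authenticated Users" group.
# Matching on the SID avoids depending on localized or renamed display names.
$AuthenticatedUsersSid = 'S-1-5-11'

function Get-AuthenticatedUsersAce {
    param([Parameter(Mandatory)][string]$Path)

    # Check the root folder itself plus every subfolder beneath it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($folder.FullName)"
            continue
        }

        # Explicit entries only ($true, $false): inherited entries are fixed at
        # the parent, which is reported separately. Identities are returned as SIDs.
        $rules = $acl.GetAccessRules($true, $false,
                     [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $AuthenticatedUsersSid -and
                $rule.AccessControlType -eq 'Allow') {
                [pscustomobject]@{
                    Path    = $folder.FullName
                    Rights  = $rule.FileSystemRights
                    Applies = $rule.InheritanceFlags
                }
            }
        }
    }
}

Get-AuthenticatedUsersAce -Path $Root | Format-Table -AutoSize
```

Each row is a folder where the grant is set directly; subfolders that only inherit it are covered by fixing the listed parent.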
Permanent one-way trusts
In special cases, the Information Security Office and ITS Systems may allow a permanent one-way trust to Austin Active Directory. If you would like to request a permanent one-way trust to Austin Active Directory, follow these steps:
- Complete the Application for Active Directory Trust. This must be approved by the ITS Systems Director and the Information Security Office (ISO) before the trust can be established.
- Designate a department technical and management contact.
A permanent one-way trust can be established for a maximum of one (1) year. Any extension will require resubmission and re-approval of the Application for Active Directory Trust.