AD: External trusts and Kerberos

Published on Monday, September 14, 2009 in ,

Very recently I followed a question at activedir.org (very interesting mailing list!) concerning whether external trusts support Kerberos. (topic @ activedir.org)

Microsoft isn't always as clear about it, but the following articles does state it: Kerberos is only possible when a forest trust is created: http://technet.microsoft.com/nl-be/library/bb727065(en-us).aspx

And some other references:

Conclusion: External trusts only support NTLM authentication. External trusts are also known as "down-level trusts" or "Microsoft Windows NT Server 4.0 trusts."

Related Posts

3 Response to AD: External trusts and Kerberos

17 August, 2011 10:38


19 October, 2011 11:28


Thank you, thank you and thank you !
I was searching for 3 days and at last I found this article.
Great !

20 October, 2011 22:02

Great I could be of help. However since I wrote this article updated information got available at Microsoft.com. Whilst still not 100% clear, Jorge got it all covered and explained into the smallest detail possible! Head over to his series of posts to get it all right: http://jorgequestforknowledge.wordpress.com/2011/09/07/kerberos-authentication-over-an-external-trust-is-it-possible-part-1/ Make sure to read all posts, there's 6 of them.

Add Your Comment