Forest trusts provide a way for resources in an Active Directory forest to trust identities from another forest. This trust can be configured in both directions. The trusted forest is the source of user identity. The trusting forest contains the resource to which users authenticate. The trusted forest can authenticate users to the trusting forest without allowing the reverse to occur.
To scan for forests that have incoming trusts that allow TGT delegation, and to find any security principals that allow unconstrained delegation, run the following PowerShell scripts in a script file (for example, Get-RiskyServiceAccountsByTrust.ps1 -Collect):