2

I see that it's possible to create a cross-forest Kerberos Trust between an on-premises AD Forest and a Forest hosted on Azure VMs. But is it also possible to create a cross-forest Trust between two separate organizations which exist only on Azure VMs?

Thanks!

  • I wouldn't see why not. The trust is based on network connectivity between the forests, not a limit based on Azure or where you host a forest. – TheCleaner Oct 06 '15 at 21:06
  • Agreed. As long as you have the appropriate connectivity and endpoints configured then I don't see why this wouldn't be possible. – joeqwerty Oct 06 '15 at 21:19
  • Forgive my Azure ignorance, but how would network connectivity between the Forests be established if they're part of separate subscriptions? Would it go over the internet? Or is Azure smart enough to route it internally? – user2238685 Oct 06 '15 at 21:25

1 Answer

0

To answer your question you posed in the comments and the original question:

http://blogs.technet.com/b/canitpro/archive/2014/06/03/step-by-step-configure-vnet-to-vnet-connectivity-in-azure.aspx

You would establish a VNet-to-VNet VPN tunnel to allow that cross-cloud-service connectivity between the two forests. Then you could set up the trust relationship as normal.

TheCleaner
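A pre-flight check for the step described in the answer above, added here as an example and not part of the original answer: run from a domain controller in one forest, it confirms that the other forest's DCs resolve and answer on the ports a trust needs once the VNet-to-VNet tunnel is up. The forest name `partner.example` is a placeholder, and the port list is the standard set of AD service ports, not something taken from this page.

```powershell
# Added example: connectivity check to run before creating the forest trust.
# 'partner.example' is a placeholder forest name, not a value from this page.
param(
    [string]$RemoteForest = 'partner.example'
)

# Fixed TCP ports used by AD services that a forest trust depends on.
# The dynamic RPC range (49152-65535 by default) is also required but is
# not probed here; allow it only between the DCs of the two forests.
$ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global Catalog' }
)

# Locate the remote forest's DCs through the same SRV record the trust wizard uses.
try {
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -ErrorAction Stop |
        Where-Object Type -eq 'SRV' |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Error "Cannot resolve DCs for $RemoteForest. Configure DNS forwarding across the tunnel first."
    return
}

$results = foreach ($dc in $dcs) {
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC            = $dc
            RemoteAddress = $t.RemoteAddress   # should be a private VNet address, not a public IP
            Port          = $p.Port
            Service       = $p.Service
            Open          = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) {
    Write-Warning "$(@($blocked).Count) DC/port pairs are unreachable; check NSG rules and the VPN gateway."
}
```

If `RemoteAddress` shows a public IP, the name is resolving outside the tunnel and the DC traffic would cross the internet unprotected by the VPN.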