Dolcino-2360 asked LimitlessTechnology-2700 answered

Active Directory Domain referrals / domain realm mapping

Hi, I would like to ask how Active Directory domain referral works.

The concept of a "referral" comes from Kerberos; refer to https://datatracker.ietf.org/doc/html/draft-ietf-krb-wg-kerberos-referrals-12#section-8

I built a cross-realm trust between Windows AD and MIT Kdc5.

In the MIT KDC, referrals work by storing the domain_realm mapping in the KDC's krb5.conf. Refer to https://web.mit.edu/kerberos/krb5-1.12/doc/admin/realm_config.html

When a client queries a server in another domain, the KDC will tell the client which domain that server is in, if that server's host name matches the domain_realm mapping in the KDC's krb5.conf.

However, I don't know how that works in Windows AD.
1. How referrals work in Windows AD
2. How I can set the domain realm mapping in Windows AD.

Thanks for your help.

windows-active-directory
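
The lookup described in the question, as an added example that is not part of the original post and is not MIT krb5's own code: a small Python model of how a `[domain_realm]` section maps a host-based service name to a realm, trying the exact host name first and then each parent domain. The realm names, host names and function names are constructed for illustration.

```python
# Constructed sample of a KDC-side krb5.conf; all realms and hosts are made up.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = UNIX.EXAMPLE.COM

[domain_realm]
    .ad.example.com = AD.EXAMPLE.COM
    ad.example.com = AD.EXAMPLE.COM
    legacy.ad.example.com = UNIX.EXAMPLE.COM
    .unix.example.com = UNIX.EXAMPLE.COM
"""

def parse_domain_realm(text):
    """Collect the 'name = REALM' relations of the [domain_realm] section."""
    mapping, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
            continue
        if in_section and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def realm_for_host(hostname, mapping):
    """Most specific match wins: host name, then '.parent', 'parent', and so on."""
    p = hostname.lower().rstrip(".")
    while p:
        if p in mapping:
            return mapping[p]
        if p.startswith("."):
            p = p[1:]                      # '.ad.example.com' -> 'ad.example.com'
        else:
            dot = p.find(".")
            p = p[dot:] if dot != -1 else ""
    return None

def referral_realm(service_principal, local_realm, mapping):
    """Realm the client would be referred to, or None if no referral applies."""
    parts = service_principal.split("/")
    if len(parts) != 2:
        return None                        # only service/host names are mapped
    realm = realm_for_host(parts[1], mapping)
    return realm if realm and realm != local_realm else None

MAPPING = parse_domain_realm(SAMPLE_KRB5_CONF)
```

Running the same lookup over a list of real service host names is a quick way to audit which realm each one would be referred to, including host-level exceptions such as `legacy.ad.example.com` that override the domain rule.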

1 Answer

LimitlessTechnology-2700 answered

Hello @Dolcino-2360,

Referrals are not a very easy task to explain, due to the length of their interaction with your domain.

I would recommend the following readings to understand how domain referral works, with information on how to manage them:

https://docs.microsoft.com/en-us/windows/win32/ad/referrals

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/referral-chasing/ba-p/243177

Hope this provides more information about what you want to achieve,
Best regards,
