Temporary one-way trusts for migrating to Austin Active Directory

Generally, only temporary, one-way, non-transitive trusts are permitted between austin.utexas.edu and other Windows domains. The following restrictions apply to these trusts:

• Only University of Texas at Austin schools, departments, and affiliated units operating Windows domains may be considered for a trust.
• Trusts are normally only established to facilitate migration to Austin Active Directory.
• The trusting Windows domain must run Windows Server 2000 SP4 or higher. 

Please note that two-way trusts will NOT be established.

For temporary trusts established to facilitate migration to Austin Active Directory, follow these procedures to apply for a trust:

• Complete an Information Security Office Security Exception Report. This must be approved by the ITS Systems Director and the Information Security Office (ISO) before the trust can be established.
• Document the scope and timeline for the migration. This must also be approved before the trust is established.
• Provide ITS with monthly status reports including progress and remaining migration activities.
• Designate a department technical and management contact.

Once a trust has been approved, a termination date will be specified and the trust will end on that date. A one-way trust can be established for a maximum of 90 days. Any extension will require resubmission and re-approval of the Security Exception Report, as well as completion of the migration scope and timeline documentation.

NOTE: On a Windows computer that is a member of austin.utexas.edu, the "Authenticated Users" built-in group includes accounts from austin.utexas.edu and accounts from any domain that holds a two-way trust with austin.utexas.edu. Therefore, the "Authenticated Users" group should be used with discretion. Use the "Domain Users" built-in group to limit permissions on a resource to only users that are affiliated with The University of Texas at Austin.

Permanent one-way trusts

In special cases, the Information Security Office and ITS Systems may allow a permanent one-way trust to Austin Active Directory. If you would like to request a permanent one-way trust to Austin Active Directory, follow these steps:.

• Complete the Application for Active Directory Trust. This must be approved by the ITS Systems Director and the Information Security Office (ISO) before the trust can be established.
• Designate a department technical and management contact.

A permanent one-way trust can be established for a maximum of one (1) year. Any extension will require resubmission and re-approval of the Application for Active Directory Trust.