The University of Texas at Austin

Austin Active Directory

Trusts between austin.utexas.edu and other Windows domains

Temporary one-way trusts for migrating to Austin Active Directory

Generally, only temporary, one-way, non-transitive trusts are permitted between austin.utexas.edu and other Windows domains. The following restrictions apply to these trusts:

  • Only University of Texas at Austin schools, departments, and affiliated units operating Windows domains may be considered for a trust.
  • Trusts are normally only established to facilitate migration to Austin Active Directory.
  • The trusting Windows domain must run Windows Server 2000 SP4 or higher. 

Please note that two-way trusts will NOT be established.

For temporary trusts established to facilitate migration to Austin Active Directory, follow these procedures to apply for a trust:

  • Complete an Information Security Office Security Exception Report. This must be approved by the ITS Systems Director and the Information Security Office (ISO) before the trust can be established.
  • Document the scope and timeline for the migration. This must also be approved before the trust is established.
  • Provide ITS with monthly status reports including progress and remaining migration activities.
  • Designate a department technical and management contact.

Once a trust has been approved, a termination date will be specified and the trust will end on that date. A one-way trust can be established for a maximum of 90 days. Any extension will require resubmission and re-approval of the Security Exception Report, as well as completion of the migration scope and timeline documentation.

NOTE: On a Windows computer that is a member of austin.utexas.edu, the "Authenticated Users" built-in group includes accounts from austin.utexas.edu and accounts from any domain that holds a two-way trust with austin.utexas.edu. Therefore, the "Authenticated Users" group should be used with discretion. Use the "Domain Users" built-in group to limit permissions on a resource to only users that are affiliated with The University of Texas at Austin.

Permanent one-way trusts

In special cases, the Information Security Office and ITS Systems may allow a permanent one-way trust to Austin Active Directory. If you would like to request a permanent one-way trust to Austin Active Directory, follow these steps:.

  • Complete the Application for Active Directory Trust. This must be approved by the ITS Systems Director and the Information Security Office (ISO) before the trust can be established.
  • Designate a department technical and management contact.

A permanent one-way trust can be established for a maximum of one (1) year. Any extension will require resubmission and re-approval of the Application for Active Directory Trust.

We Can Help

Get help from an expert:

* ITS Help and Service Desk

* Call us at 512-475-9400

* Submit a help request online

We also have a walk-in service in the first floor lobby of the Flawn Academic Center (FAC). Stop by and let us help you!