October 3, 2016 at 9:18 am
I just joined this company
and found out that
all SQL Servers are on
domain1 and users are on domain2.
I wonder if slow Windows Authentication in SSMS is caused by this setup.
Maybe I miss something - but i always thought Windows Authentication is the most secure method.
And to implement it - you need to have users on the same domain as servers.
Am I wrong?
October 3, 2016 at 9:24 am
You can have users from another domain as long the server domain trusts the user domain.
October 3, 2016 at 9:30 am
I guess the TRUST is there.
Because we use Windows Authentication to access SQL Servers on the other domain.
Users in BLL domain.
SQL Server in BLL-SG domain.
But this kind of setup - is it it good practice?
October 4, 2016 at 3:11 am
I can't speak about if it is good practice or not. Is is more a division of roles practice (We manage the infrastructure, you manage the users)
As long the Active Directory-servers respond quickly, the authentication should be swift.
October 4, 2016 at 7:21 am
Thanks Jo.
October 5, 2016 at 7:09 pm
RVO (10/3/2016)
I guess the TRUST is there.Because we use Windows Authentication to access SQL Servers on the other domain.
Users in BLL domain.
SQL Server in BLL-SG domain.
But this kind of setup - is it it good practice?
It also has an "Quick! Duck!" advantage. If the user domain is under attack, you can shut it down or isolate it without it affecting the server domain, which may have some critical jobs in-process. Just another layer of protection.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply