Getting Started: NETID Trusts

Last updated: January 30, 2023
Audience: IT Staff / Technical

Requesting a trust with the NETID domain is a common way of making use of the automatically-provisioned Windows user accounts that correspond to UW NetIDs (hereafter referred to as NETID user accounts).

After successfully obtaining a trust and configuring your resources with the appropriate access controls, you will be able to tell your clients to login with UW Windows user accounts to obtain access to your Windows domain-based resources.

Preparing to Make a Decision

  1. Determine what type of trust you’d like to obtain.
  2. Understand the implications of using a trust, and plan accordingly.
  3. Ensure you have a working DNS configuration for your Windows domain. If you need more information about what it means to have working DNS for a Windows domain, please read:
  4. If you have a firewall, ensure that the firewall does not restrict access to the NETID domain.
  5. Understand the landscape of the Microsoft Infrastructure. You’ll want to read about NETIDĀ users, NETID groups, MI Policy, and you may want to read theĀ MI Architecture Guide.

Requesting a Trust

  1. Request your trust
  2. When directed, follow the online instructions to setup the trust:
    Forest Trust Directions

Using Your Trust

  1. Review common ways you might use NETID across a trust, along with access control and group policy settings suggestions.
  2. Consider leveraging loopback group policy to apply group policy settings to any NETID users logging into your departmental domain computers.
  3. Consider using domain local groups in your departmental domain to contain NETID users and groups so you can grant access to computers and resources in your departmental domain. groups
    This diagram which shows the group membership and ACLing possibilities of different AD group types.
  4. Tell your users.