I just got CCd on an email chain concerning a conversion of 1-way AD
trusts to 2-way trust for some realms and domains we use in one of the
public cloud providers.
The AD team is finally responding to all the issues they caused us in
the cloud by refusing a 2-way trust in the first place. It caused enough
hassles on the pure Windows side of things that Senior Management got
involved, heh.
I was the one who worked with the AD folk to set up the 1-way trust to
our custom realm and it involved pre-shared secrets and joint
coordinated actions.
But this time around the language in the email is sort of like "hey we
are just giving you a heads up on a change that will be made live this
weekend .."
So consider this a vague query along the lines of "Will this actually
work?" -- Can a 1-way trust be made into a 2-way trust with actions
entirely performed on the AD side of things? The AD people have no
access and no idea how FreeIPA works.
I was sort of thinking that I'd have to tear down the 1-way and set up a
new 2-way trust but then I realized I've never done that before and I'm
not sure how it works on the AD side of things.
Any tips on FreeIPA and 1-way to 2-way trust conversions would be
appreciated, thanks!
Chris