Hello Everyone:
I understand the basic idea of both domain/forest trusts in AD and Service Principal Names (SPNs), which are completely unrelated, but when I go to set them up I cannot wrap my head around it.
To be more specific, how do I remember the difference between trusting and trusted domain when setting up a trust? If I am logged onto globomantics.lan as Administrator and want to set up a one-way trust with bigfirm.lan, just follow the wizard; but what does that get me in the end? Does a one-way trust between globomantics.lan and bigfirm.lan now mean that users in bigfirm.lan can now access resources and log on at workstations belonging to globomantics.lan, or did I reverse it?
As to SPNs, again I understand that they are used for delegation on AD, but I can never wrap my head around the formatting of them. If I wanted to set the IIS AppPool identity for Microsoft Dynamics CRM on CRM1 in the domain globomantics.lan running on port 8080 to the AD user CRMSvc, would the resultant SPN be http/CRM1/8080 set on globomantics\CRMSvc, http/CRM1.globomantics.lan/8080 on globomantics\CRMSvc... I can never wrap my head around what SPNs go where.
If anyone could help me in wrapping my head around these two concepts, that would be helpful. Again, I understand the concepts at a base level; it's just wrapping my head around it at implementation time that messes with me.
Thanks in advance for any help given.
NOTE: All domains, machines, accounts, and other identifiers, where used, are fictional and do not necessarily represent real companies, people, or systems.