trust relations on forest level - windows server 2008 standard r2
Hello,
I have two forests and, of course, two different domains on Windows Server 2008 Standard. I want Domain B to trust Domain A so that users on Domain A can access files on Domain B, but I don't want Domain B users to access Domain A server files. So it is a one-way trust at the forest level.
Domain A and Domain B
I created a one-way trust relationship using the following steps:
Opened Active Directory Domains and Trusts on Domain A.
Right-clicked the domain, clicked Properties, and went to the Trusts tab of the properties page.
Created a new trust by giving the DNS name of Domain B. Now it is showing the following row: "Domain that trusts this domain (incoming trusts)"
Domain Name: Domain B
Trust Type : Forest
Transitive : Yes
It looks like at this point the trust is created as expected.
----
I have the following issues/questions:
Now when I go to Domain B -> Active Directory Users and Computers, I cannot add users from Domain A into any group of Domain B.
But when I go to any folder on the server which belongs to Domain B, right-click the folder, and look under Security, I can see the Domain A forest and add users/groups from Domain A.
I'm wondering why I cannot see users and groups of Domain A in Domain B Active Directory, whereas I can see them at the folder level.
----
2nd issue: even if I give permission to a user from Domain A on a server which belongs to Domain B, users of Domain A cannot access Domain B -> server files but using Domain A login credentials, and also they cannot access the server of Domain B by its DNS name, but they can access it by IP address.
---
Seems like I'm missing something in the trust relationship, and also something is not working with DNS.
Can someone please help me on this?
Thanks,
P
February 23rd, 2012 3:46pm
Hi,
You can create Domain Local Group and Universal Group to add users cross forest. For more information, please refer to the following Microsoft TechNet article:
Group scope
http://technet.microsoft.com/en-us/library/cc755692(v=WS.10).aspx
The second issue looks like a DNS issue. You may try to configure the primary DNS suffix to check the result. For the detailed steps, please refer to the following Microsoft TechNet article:
Configure the primary DNS suffix for a client computer
http://technet.microsoft.com/en-us/library/cc786695(v=WS.10).aspx
For more information, please also refer to the following links:
Checklist: Creating a forest trust
http://technet.microsoft.com/en-us/library/cc756852(v=WS.10).aspx
Accessing resources across forests
http://technet.microsoft.com/en-us/library/cc772808(v=WS.10).aspx
Regards,
Arthur Li
TechNet Community Support
February 24th, 2012 2:04am
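A way to narrow down the second issue in the thread (the Domain B server is reachable by IP address but not by DNS name) and to confirm the trust itself, as an added example that is not part of the original posts. The domain names and the server name are placeholders; `nslookup`, `nltest` and `netdom` are the standard Windows tools, and `netdom` has to be run with administrative rights on a machine that has the AD DS tools installed.

```powershell
# Added example: cross-forest name resolution and trust checks.
# All names below are placeholders (assumptions), not values from the thread.
$TrustedDomain  = 'domaina.example'   # Domain A: holds the user accounts
$TrustingDomain = 'domainb.example'   # Domain B: holds the file server
$ServerShort    = 'fileserver'        # hypothetical Domain B server name
$ServerFqdn     = "$ServerShort.$TrustingDomain"

function Test-NameResolution {
    param([string]$Name)
    # Uses the same resolver path as a normal client lookup.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($Name)
        '{0,-35} -> {1}' -f $Name, ($addrs -join ', ')
    } catch {
        '{0,-35} -> NOT RESOLVED: {1}' -f $Name, $_.Exception.Message
    }
}

# 1. Run on a Domain A client. If only the FQDN resolves, the client is
#    appending its own (Domain A) suffix to the short name. If neither
#    resolves, Domain A's DNS servers cannot resolve the Domain B zone.
Test-NameResolution $ServerShort
Test-NameResolution $ServerFqdn

# 2. Both forests must be able to find each other's domain controllers.
#    These SRV records are what the DC locator queries.
foreach ($domain in $TrustedDomain, $TrustingDomain) {
    "--- SRV lookup for $domain ---"
    nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain"
}

# 3. Ask the DC locator directly for a Domain B domain controller.
nltest "/dsgetdc:$TrustingDomain"

# 4. List the trusts known to the local domain, with their direction.
nltest /domain_trusts

# 5. Verify the trust from the trusting side (Domain B trusts Domain A).
netdom trust $TrustingDomain "/domain:$TrustedDomain" /verify
```

If step 1 fails for the FQDN as well, fix DNS between the forests before re-testing file access; Kerberos authentication across the trust depends on both sides resolving each other's names.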