trust relations on forest level - windows server 2008 standard r2
Hello,

I have two forests and of course two different domains on Windows Server 2008 Standard. I want Domain B to trust Domain A so that users on Domain A can access files on Domain B, but I don't want Domain B users to access Domain A server files. So it is a one-way trust on forest level between Domain A and Domain B.

I created the one-way trust relationship using the following steps:

Opened Active Directory Domains and Trusts on Domain A.
Right-clicked on the domain, clicked Properties and went to the Trusts tab of the properties page.
Created a new trust by giving the DNS name of Domain B.

Now it is showing the following row under "Domain that trusts this domain (incoming trusts)":

Domain Name: Domain B
Trust Type: Forest
Transitive: Yes

It looks like at this point the trust is created as expected.

----

I have the following issues/questions.

Now when I go to Domain B -> Active Directory Users and Computers, I cannot add users from Domain A into any group of Domain B. But when I go to any of the folders on the server which belongs to Domain B, on right-click of the folder, under Security, I can see the Domain A forest and add users/groups from Domain A. I'm wondering why I cannot see users and groups of Domain A in Domain B Active Directory whereas I can see them on folder level.

----

2nd issue: even if I give permission to a user from Domain A on a server which belongs to Domain B, users of Domain A cannot access Domain B -> server files but using Domain A login credentials. And also they cannot access the server of Domain B by its DNS name, but they can access it by IP address.

---

Seems like I'm missing something in the trust relationship and also something is not working on DNS. Can someone please help me on this?

Thanks,
P
February 23rd, 2012 3:46pm

Hi,

You can create Domain Local Group and Universal Group to add users cross forest. For more information, please refer to the following Microsoft TechNet article:

Group scope
http://technet.microsoft.com/en-us/library/cc755692(v=WS.10).aspx

The second issue looks like a DNS issue. You may try to configure the primary DNS suffix to check the result. For the detailed steps, please refer to the following Microsoft TechNet article:

Configure the primary DNS suffix for a client computer
http://technet.microsoft.com/en-us/library/cc786695(v=WS.10).aspx

For more information, please also refer to the following links:

Checklist: Creating a forest trust
http://technet.microsoft.com/en-us/library/cc756852(v=WS.10).aspx

Accessing resources across forests
http://technet.microsoft.com/en-us/library/cc772808(v=WS.10).aspx

Regards,
Arthur Li
TechNet Community Support
February 24th, 2012 2:04am
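
A diagnostic sketch for the two symptoms in this thread (trust direction and name resolution), added here as an example and not part of any post above. The names `domainB.example` and `fileserver.domainB.example` are placeholders to replace; it assumes PowerShell 2.0 on a domain-joined machine in forest A, and uses only .NET classes and `nslookup` so it runs on Windows Server 2008 R2.

```powershell
# Placeholder names (assumptions): replace with the real DNS names.
$RemoteForest = 'domainB.example'              # forest whose resources are accessed
$FileServer   = 'fileserver.domainB.example'   # server reachable by IP but not by name

# 1. Show forest trusts as seen from the forest this machine belongs to.
#    Run in forest A, the trust to B should read Inbound (B trusts A);
#    run in forest B, the same trust should read Outbound.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$forest.GetAllTrustRelationships() |
    Select-Object SourceName, TargetName, TrustType, TrustDirection |
    Format-Table -AutoSize

# 2. Check that this machine's DNS servers can locate the other forest's
#    domain controllers. No SRV records returned means DNS between the
#    forests (forwarders or secondary zones) is not set up.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$RemoteForest"

# 3. Resolve the file server by FQDN and by short name. A short name that
#    fails while the FQDN works points at the DNS suffix settings mentioned
#    in the reply above; both failing points at missing cross-forest DNS.
$shortName = ($FileServer -split '\.')[0]
foreach ($name in @($FileServer, $shortName)) {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString }
        '{0,-40} -> {1}' -f $name, ($ips -join ', ')
    } catch {
        '{0,-40} -> NOT RESOLVED ({1})' -f $name, $_.Exception.Message
    }
}
```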


This topic is archived. No further replies will be accepted.
