• Status: Solved

Domain trusts in Windows 2003 Server

I'm very new at this whole trusting thing, so take it easy on me:)  Here's my question...

My company just acquired another company.  After working with the admin from the other site we managed to get a two-way trust established.  So now I can connect to his domain and he can connect to ours.  I can even bring up his AD tree.  But when I try to make changes in their AD tree it will not allow it.  I set it to Domain-Wide authentication...  so shouldn't I be able to make changes now that we are trusted and I am an enterprise admin for this domain?  And if not, how can I get this accomplished with my regular login?
Asked:
mmudry
mkbean Commented:
After the trust is created you will want to have the account you do administrative tasks with (might be Administrator or a custom one you built), or even better a group (Domain Admins), placed into a group in the trusted domain that gives you administrative control where you need it.  The Administrators group if it is domain authority you need, or a custom-built OU admin group.

Hope that helps.

Brian

mmudry (Author) Commented:
OK, now I go into, let's say, my enterprise admin group.  Select member of and I see the trusted domain, BUT I select it and see nothing underneath it...  Just the domain.  So I can't add any groups from the remote domain to enterprise admins...?

mkbean Commented:
Go to Advanced and then click Find Now.  Do you get a list of groups now?

Brian

mmudry (Author) Commented:
I only see domain local groups?  Is that correct?  I mean when I click on the security tab I can add all groups from the other domain, but when I select member of tab and try to add a universal group it only sees domain local groups...

mkbean Commented:
Do you know what domain functional level the other domain is in?

Brian

mmudry (Author) Commented:
We are both running at Windows 2003 functional levels.  I just upgraded mine earlier today...  figuring that may be the issue.

mkbean Commented:
Which group are you trying to add to which group?

Brian

mmudry (Author) Commented:
Trying to add enterprise admins to enterprise admins on the other domain.  Not as a member, as a member of.

mkbean Commented:
Does it work if you try to add your EA account to their Local Administrators Group?  I know that doesn't solve your problem but just want to ensure that a portion of this trust is working.

Brian

mmudry (Author) Commented:
Yes that works.

tmack Commented:
You can't add global groups to global groups. You will need to do as MK stated and add your admins account to their local admin group. Or you can do as we do here: set up an admin account on their domain, and when you access resources on their domain you just use that account.

The difference between domain-wide authentication and selective is that domain-wide uses pass-through authentication and selective will ask for credentials when hitting resources.

mmudry (Author) Commented:
Makes sense.  I think it was right all along; I was just trying to add groups to the wrong groups, etc.  Thanks for all your help guys!!!  I added enterprise admins to the builtin/administrators group and it took.  Just have to play around a bit more to find out the best way to administrate the two easily.
0
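
Why the Member Of picker in this thread offered only domain local groups, as an added example that is not part of the original thread: a small Python model of the Active Directory group-nesting rules at native / Windows Server 2003 functional level. It assumes the two companies are separate forests joined by the trust; the domain names and the "OU Admins" group are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    name: str
    scope: str    # "domain_local", "global" or "universal"
    domain: str   # DNS name of the group's domain
    forest: str   # DNS name of the forest root

def can_be_member_of(member: Group, container: Group) -> bool:
    """True if `member` may be nested in `container` (a trust is assumed to exist)."""
    same_domain = member.domain == container.domain
    same_forest = member.forest == container.forest
    if container.scope == "global":
        # Global groups accept only global groups from their own domain.
        return member.scope == "global" and same_domain
    if container.scope == "universal":
        # Universal groups accept global/universal groups from their own forest.
        return member.scope in ("global", "universal") and same_forest
    if container.scope == "domain_local":
        # Domain local groups accept global/universal groups from any trusted
        # domain, but other domain local groups only from their own domain.
        return same_domain if member.scope == "domain_local" else True
    raise ValueError(f"unknown group scope: {container.scope!r}")

def member_of_candidates(member: Group, groups: list) -> list:
    """Names of the groups a 'Member Of' dialog could legally offer for `member`."""
    return [g.name for g in groups if g != member and can_be_member_of(member, g)]

# Constructed sample data: hypothetical domain names, one forest per company.
OUR_EA = Group("Enterprise Admins", "universal", "ours.example", "ours.example")
OUR_DA = Group("Domain Admins", "global", "ours.example", "ours.example")
THEIR_GROUPS = [
    Group("Enterprise Admins", "universal", "theirs.example", "theirs.example"),
    Group("Domain Admins", "global", "theirs.example", "theirs.example"),
    # Builtin\Administrators is a builtin local group; it nests like domain local.
    Group("Administrators", "domain_local", "theirs.example", "theirs.example"),
    Group("OU Admins", "domain_local", "theirs.example", "theirs.example"),
]

if __name__ == "__main__":
    print(member_of_candidates(OUR_EA, THEIR_GROUPS))
```

Every group placed in the other domain's Builtin\Administrators this way grants its full membership administrative control there, so membership of the nested group is worth reviewing on both sides of the trust.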
