Link to home
Start Free TrialLog in
Avatar of mmudry
mmudry

asked on

Domain trusts in Windows 2003 Server

I'm very new at this whole trusting thing, so take it easy on me:)  Here's my question...

My company just aquired another company.  After working with the admin from the other site we managed to get a two-way trust established.  So now I can connect to his domain and he can connect to ours.  I can even bring up his AD tree.  But when I try to make changes in their AD tree it will not allow.  I set it to Domain-Wide authentication...  so shouldn't I be able to make changes now that we are trusted and I am an enterprise admin for this domain.  And if not how can I get this accomplished with my regular login?  
Avatar of Brian
Brian
Flag of United States of America image
After the trust is created you will want to have the account you do administrative tasks (might be Administrator or a custom one you built) with or even better a group (domain admins) placed into a group in the trusted domain that gives you administrative control where you need it.  The Administrators group if it is Domain authority you need or a custom built OU admin group.

Hope that helps.

Brian
Avatar of mmudry
mmudry

ASKER

OK now I go into lets say my enterprise admin group.  Select member of and I see the trusted domain, BUT I select it and see nothing underneath it...  Just the domain.  So I can't add any groups from the remote domain to enterprise admins...?
Avatar of Brian
Brian
Flag of United States of America image
Go to Advanced and then click Find Now.  Do you get a list of groups now?

Brian
Avatar of mmudry
mmudry

ASKER

I only see domain local groups?  Is that correct?  I mean when I click on the security tab I can add all groups from the other domain, but when I select member of tab and try to add a universal group it only sees domain local groups...
Avatar of Brian
Brian
Flag of United States of America image
Do you know what domain functional level the other domain is in?

Brian
Avatar of mmudry
mmudry

ASKER

We are both running at Windows 2003 functional levels.  I just upgraded mine earlier today...  figuring that may be the issue.
Avatar of Brian
Brian
Flag of United States of America image
Which group are you trying to add to which group?

Brian
Avatar of mmudry
mmudry

ASKER

Trying to add enterprise admins to enterprise admins on the other domain.  Not as a member, as a member of.
ASKER CERTIFIED SOLUTION
Avatar of Brian
Brian
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mmudry
mmudry

ASKER

Yes that works.
SOLUTION
Avatar of tmack
tmack
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of mmudry
mmudry

ASKER

Makes sense.  I think it was right all along I was just trying to add groups to the wrong groups, etc.  Thanks for all your help guys!!!  I added enterprise admins to the builtin/administrators group and it took.  Just have to play around a bit more to find out the ebst way to administrate the two easily.