2 Locations, 2 2003 DC's w/ Seperate Domain Names, Trusted 2-way. User Rights Question

I have 2 domain controllers at 2 locations

Location 1:
domain1.local

Location 2:
domain2.local


Connected to each other via routing and remote access as a demand dial interface via Business DSL.

Both domains are set to trust each other. I can access files from both domains and logon to desktops at each location with a single user account. The problem I'm having is for my administrators. When admin1.domain1.local logs onto domain2.local they act as if they are just a domain user. They have no administrative privileges. From what I have read and understand the domains just have to trust each other and any user will inherit their normal user account settings. Well both domains are trusting of each other and we can definitely see resources on both domains. What am I missing?
trilogynetAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MazaraatCommented:
Are the admins from domain1 members of the domain admins, administrators,etc... groups on domain2?  (verify)
0
trilogynetAuthor Commented:
I added each user to the administrators group, but when I go to add admin1.domain1.local to the domain admins on domain2.local I am unable to select the domain1.local to pick users from.  
0
Kini pradeepPrincipal Cloud and security consultantCommented:


this would not work, so the best way to achieve this would be by nesting groups.
if i remember that correctly then you can create a universal group on domain1, add the domain admins group into that group. then on domain2 create a domain local group and nest the universal group into this domain local group. once thats done you should be able to add the domain local group to the domain admins group.

i will confirm resolution when i can access my virtual server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

MazaraatCommented:
What kind of trust was created?  You may not have gave permissions for admin level.

Here is an excellent walk through with plenty of explanations along the way, go over it and verify.

http://thelazyadmin.com/index.php?/archives/244-Creating-an-Active-Directory-Trust.html
0
trilogynetAuthor Commented:
Well I tried to play around with that idea KPRAD but was unable to get it to work. I was able to create groups on both ends and then add users to the groups but when I tried to add those groups to the domain admins group I couldn’t.
0
Jay_Jay70Commented:
have to make sure your domain is in native mode for group nesting to work
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.