2 Locations, 2 2003 DC's w/ Separate Domain Names, Trusted 2-way. User Rights Question

Posted on 2006-03-23
Last Modified: 2010-04-18
I have 2 domain controllers at 2 locations

Location 1:

Location 2:

Connected to each other via routing and remote access as a demand dial interface via Business DSL.

Both domains are set to trust each other. I can access files from both domains and log on to desktops at each location with a single user account. The problem I'm having is for my administrators. When admin1.domain1.local logs onto domain2.local they act as if they are just a domain user. They have no administrative privileges. From what I have read and understand, the domains just have to trust each other and any user will inherit their normal user account settings. Well, both domains are trusting of each other and we can definitely see resources on both domains. What am I missing?
Question by:trilogynet
    LVL 12

    Expert Comment

    Are the admins from domain1 members of the domain admins, administrators, etc. groups on domain2? (verify)

    Author Comment

    I added each user to the administrators group, but when I go to add admin1.domain1.local to the domain admins on domain2.local I am unable to select the domain1.local to pick users from.  
    LVL 13

    Accepted Solution


    This would not work, so the best way to achieve this would be by nesting groups.
    If I remember that correctly then you can create a universal group on domain1, add the domain admins group into that group. Then on domain2 create a domain local group and nest the universal group into this domain local group. Once that's done you should be able to add the domain local group to the domain admins group.

    I will confirm resolution when I can access my virtual server.
    LVL 12

    Expert Comment

    What kind of trust was created? You may not have given permissions for admin level.

    Here is an excellent walk through with plenty of explanations along the way, go over it and verify.

    Author Comment

    Well I tried to play around with that idea KPRAD but was unable to get it to work. I was able to create groups on both ends and then add users to the groups but when I tried to add those groups to the domain admins group I couldn’t.
    LVL 48

    Assisted Solution

    Have to make sure your domain is in native mode for group nesting to work.
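
The group-scope rules behind this thread, as an added example that is not part of any post above: a small Python model of which principals Active Directory accepts as members of a global, universal or domain local security group. It assumes native-mode domains and a working two-way trust; the group names `Cross-Domain Admins` and `Remote Admins` are hypothetical. It shows the last nesting step being refused, which matches what the author reported, and the built-in Administrators group accepting the domain1 principals.

```python
from dataclasses import dataclass

ACCOUNT, GLOBAL, UNIVERSAL, DOMAIN_LOCAL = "account", "global", "universal", "domain_local"

@dataclass(frozen=True)
class Principal:
    name: str
    domain: str
    kind: str

def can_add(member, group, same_forest=False):
    """Return (allowed, rule) for adding `member` to security group `group`.
    Assumes native-mode domains and a trust between the two domains."""
    same_domain = member.domain == group.domain
    if group.kind == GLOBAL:
        return (same_domain and member.kind in (ACCOUNT, GLOBAL),
                "global: accounts and global groups from its own domain only")
    if group.kind == UNIVERSAL:
        return ((same_domain or same_forest) and member.kind != DOMAIN_LOCAL,
                "universal: accounts, global and universal groups from its own forest")
    if group.kind == DOMAIN_LOCAL:
        return (same_domain or member.kind != DOMAIN_LOCAL,
                "domain local: principals from trusted domains, "
                "domain local groups from its own domain only")
    return (False, "target is not a group")

# Constructed principals, named after the domains in the thread.
admin1 = Principal("admin1", "domain1.local", ACCOUNT)
da1 = Principal("Domain Admins", "domain1.local", GLOBAL)
ug1 = Principal("Cross-Domain Admins", "domain1.local", UNIVERSAL)  # hypothetical
dl2 = Principal("Remote Admins", "domain2.local", DOMAIN_LOCAL)     # hypothetical
da2 = Principal("Domain Admins", "domain2.local", GLOBAL)
builtin2 = Principal("Administrators", "domain2.local", DOMAIN_LOCAL)

def check(pairs):
    """Evaluate a list of (member, group) additions; return the verdicts."""
    return [can_add(m, g)[0] for m, g in pairs]

if __name__ == "__main__":
    steps = [(da1, ug1), (ug1, dl2), (dl2, da2), (admin1, da2), (da1, builtin2)]
    for m, g in steps:
        ok, rule = can_add(m, g)
        verdict = "OK" if ok else "REFUSED"
        print(f"{m.domain}\\{m.name} -> {g.domain}\\{g.name}: {verdict} ({rule})")
```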
