Is there anyway to accomplish the following:
Users in Forest A-Domain 1 need access to resources in Forest B Domain 1...
There is a one way trust between these domains....
ForestB Domain 1 - Trusts ForestA Domain 1
What I wanted to be able to do was add users in Forest A Domain 1 to a global group that exists in Forest B Domain 1... However, I can't see resources in Forest A Domain 1. I can add them by creating a Domain local group in Forest B Domain 1, but I cannot then add that Domain Local Group to the Global Group.
What I have come up with is creating the Domain Local Group in Forest B Domain 1, adding members to it from Forest A Domain 1 and then adding that domain local group to the local administrator group of the 5 servers that they need access to.
Is this the only way this will work or is there some other way.
Take into account that for legal reason there cannot be a two way trust established AND we can't establish a Forest Trust because ForestA is a Windows 2000 domain/Forest and Forest B is Native Windows 2003.