One Way Trust for Windows Server 2003 Standard

1. We are implementing a test environment with two servers; both were set up to be Domain Controllers and DNS servers. Assuming everything was set up with the default configuration using the MS server role wizard, what else needs to be done before a One-Way Trust relationship can be created between these two servers? (1st server's DNS name is test.internal, 2nd server's DNS name is test.external)
bobstits Asked:

Jay_Jay70 Commented:
It's fairly simple actually, read this for Trusts....
http://technet.microsoft.com/en-au/library/bb727050.aspx

And don't forget conditional forwarding, that's pretty much the key with 2003 server
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

If there is a firewall involved at all, INCLUDING Windows Firewall, you will need to match this
http://support.microsoft.com/?id=179442

Any problems, give me a yell
0
bobstits (Author) Commented:
We got both Domain Controllers (DNS Servers) set up with conditional forwarders pointing to each other. The One-way trust was set up so one can use resources on the other domain. For example: internal.local<===external.local (External trusts Internal)

Technically, an administrator from External CANNOT access all the resources on Internal.  Is there a security permission that needs to be set to only allow users from Internal to use resources on both domains and restrict access on External users to only resources in its domain?  (including EventLogs, Services, C drive, etc)

0
Jay_Jay70 Commented:
Ahhh, you will probably need to grant users from the trusted domains permissions in the trusting domain.... that should fix that up
0

bobstits (Author) Commented:
Okay, before I grant users any permissions, I may have set up the one-way trust incorrectly. The test environment is to implement two separate forests and to create a one-way trust so the administrators from one end can have full control of both forests. 1) Internal forest, which should have full access to both forests. 2) External forest, which should not have access to Internal except itself.

How should the one-way trust be pointing? Internal==>External (Internal is trusted and External is trusting) or Internal<==External (Internal is trusting and External is trusted)??
0
Jay_Jay70 Commented:
You need to configure the internal forest to be trusting of the external forest

Internal (==>trusts) external
0
bobstits (Author) Commented:
Yes, the trust was implemented so Internal (===>trusts) External. I have validated the trust and it has validated successfully.

I wanted to grant users (administrator) from the trusted domains (Internal) permissions in the trusting domain (External). The problem arises when I tried to add the "administrator" from Internal to the Domain Admins group in External. The option was not available to select the Internal domain to add "administrator."

I was able to add "administrator" from Internal to the Administrators group in External's Builtin OU. Why can't I do the same when I wanted for the Domain Admins group in External?
0
Jay_Jay70 Commented:
You can't add users from another forest into a global group, only universal and domain local
0
bobstits (Author) Commented:
Thank you for your help! The trust has been configured; there are a few things I can adjust to make it easier to manage the groups.
0
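
The steps discussed in this thread (conditional forwarders, a one-way trust, then a Builtin group for the cross-forest account), written out as a command walkthrough. This is an added example, not part of any post above; each step runs on the DC named in its comment. It assumes the DNS names from the question, test.external as the trusting domain and test.internal as the trusted domain (as in the later posts), netdom from the Windows Server 2003 Support Tools, and placeholder IP addresses, NetBIOS name and account names.

```batch
rem Added example, not from the thread. DNS names come from the question.
rem The 192.0.2.x addresses, the NetBIOS name INTERNAL and the account
rem names are placeholders and assumptions.

rem --- Step 1a: on the test.internal DC, forward test.external lookups ---
dnscmd /ZoneAdd test.external /Forwarder 192.0.2.20

rem --- Step 1b: on the test.external DC, forward test.internal lookups ---
dnscmd /ZoneAdd test.internal /Forwarder 192.0.2.10

rem --- Step 2: on each DC, confirm the other domain's DC records resolve ---
nslookup -type=SRV _ldap._tcp.dc._msdcs.test.external
nslookup -type=SRV _ldap._tcp.dc._msdcs.test.internal

rem --- Step 3: one-way trust, test.external trusting, test.internal trusted.
rem No /twoway switch, so test.external accounts gain nothing in test.internal.
rem /ud is the account for the trusted domain, /uo for the trusting domain.
netdom trust test.external /d:test.internal /add ^
    /ud:test.internal\Administrator /pd:* ^
    /uo:test.external\Administrator /po:*

rem --- Step 4: verify the trust, then make sure SID filtering is enabled ---
netdom trust test.external /d:test.internal /verify ^
    /ud:test.internal\Administrator /pd:* ^
    /uo:test.external\Administrator /po:*
netdom trust test.external /d:test.internal /quarantine:Yes ^
    /uo:test.external\Administrator /po:*

rem --- Step 5: on the test.external DC, grant the trusted account rights
rem through the Builtin Administrators group (a domain local group on a DC).
net localgroup Administrators INTERNAL\Administrator /add

rem --- Step 6: review the resulting membership ---
net localgroup Administrators
```

Re-run step 6 after any group change and check that the only cross-forest entry is the account you intended to add.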