AD Trusts question

Hello Experts

We have two seperate forests in our organisation due to a merger.

Forest1 is named Company1, and the forest root has child domains of Child1 and Child2.

Forest2 is named Company2, and there is one domain - Company2.

There is a two way trust between Child1 and Company2. The trust is not transitive.

The IT Admins in Company2 need to access a resource in Child2....can they use a Child1 account (e.g. Child1\Admin) to access the resource from their forest?
LVL 3
kam_ukAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PWeerakoonCommented:
Yes, because in reality, Child1\Admin is accessing the Child2 domain. Company2 Active Directory doesn't even come into play here!

The admin maybe physically sitting at Company2 but he's using an account from Forest1 which has access to all the domains in that forest.

If the admin is using the account Company2\Admin to access a resource in Child2, then that would not work without transitive trusts.

Hope that makes sense.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AmericomCommented:
It would be a bit messy to have IT Admins in company 1 to use an admin account from Child1 to access a server in Child2. Not sure exactly what resource, administration of DC in Child2?, rdp to a server in Child2? or simply accessing a share in a server belongs to Child2? Regardless, in order to have IT Admins in Company 1 to use an Admin account in Child1 to access server in Child2 is meaningless. If that's the case, why not just use an admin account in Child2, afterall, you are not using an account in Company2 anyway. If you are talking about IT administation, why not create a trust between child2 domain and company2 domain?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.