Solved

AD Trusts question

Posted on 2009-07-01
Last Modified: 2012-05-07
Hello Experts

We have two separate forests in our organisation due to a merger.

Forest1 is named Company1, and the forest root has child domains of Child1 and Child2.

Forest2 is named Company2, and there is one domain - Company2.

There is a two way trust between Child1 and Company2. The trust is not transitive.

The IT Admins in Company2 need to access a resource in Child2... can they use a Child1 account (e.g. Child1\Admin) to access the resource from their forest?
0
Question by:kam_uk
2 Comments
 
LVL 6

Accepted Solution

by:
PWeerakoon earned 300 total points
ID: 24759639
Yes, because in reality, Child1\Admin is accessing the Child2 domain. Company2 Active Directory doesn't even come into play here!

The admin may be physically sitting at Company2 but he's using an account from Forest1 which has access to all the domains in that forest.

If the admin is using the account Company2\Admin to access a resource in Child2, then that would not work without transitive trusts.

Hope that makes sense.
0
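The trust evaluation described in the accepted answer, as an added example that is not part of the original thread: a small Python model whose trust list is constructed from the question's description, assuming the parent-child trusts inside Forest1 are two-way and transitive (the Active Directory default). The function names are hypothetical.

```python
from collections import deque

# (trusting_domain, trusted_domain, transitive). Constructed from the question's
# description for illustration; not exported from a real directory.
TRUSTS = [
    ("Company1", "Child1", True), ("Child1", "Company1", True),    # parent-child
    ("Company1", "Child2", True), ("Child2", "Company1", True),    # parent-child
    ("Child1", "Company2", False), ("Company2", "Child1", False),  # external, two-way
]

def trust_path(account_domain, resource_domain, trusts=TRUSTS):
    """Return the chain of domains (resource first) through which the resource
    domain accepts a logon from account_domain, or None if no chain exists."""
    if account_domain == resource_domain:
        return [resource_domain]
    # A non-transitive trust is honoured only as a single direct hop.
    for trusting, trusted, _ in trusts:
        if trusting == resource_domain and trusted == account_domain:
            return [resource_domain, account_domain]
    # Any longer chain may use transitive trusts only.
    queue = deque([[resource_domain]])
    seen = {resource_domain}
    while queue:
        path = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting != path[-1] or not transitive or trusted in seen:
                continue
            if trusted == account_domain:
                return path + [trusted]
            seen.add(trusted)
            queue.append(path + [trusted])
    return None

def can_access(account, resource_domain):
    """account is written DOMAIN\\user; only the domain part decides the trust check."""
    domain = account.split("\\", 1)[0]
    return trust_path(domain, resource_domain) is not None

if __name__ == "__main__":
    for acct, res in [("Child1\\Admin", "Child2"), ("Company2\\Admin", "Child2"),
                      ("Company2\\Admin", "Child1")]:
        print(f"{acct} -> {res}: {trust_path(acct.split(chr(92))[0], res)}")
```

A trust path only means the resource domain will authenticate the account; the account still needs permissions on the resource itself.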
 
LVL 18

Assisted Solution

by:Americom
Americom earned 200 total points
ID: 24767474
It would be a bit messy to have IT Admins in company 1 to use an admin account from Child1 to access a server in Child2. Not sure exactly what resource: administration of a DC in Child2? RDP to a server in Child2? Or simply accessing a share on a server that belongs to Child2? Regardless, to have IT Admins in Company 1 use an Admin account in Child1 to access a server in Child2 is meaningless. If that's the case, why not just use an admin account in Child2? After all, you are not using an account in Company2 anyway. If you are talking about IT administration, why not create a trust between the Child2 domain and the Company2 domain?
0
