AD Trusts question

Hello Experts

We have two seperate forests in our organisation due to a merger.

Forest1 is named Company1, and the forest root has child domains of Child1 and Child2.

Forest2 is named Company2, and there is one domain - Company2.

There is a two way trust between Child1 and Company2. The trust is not transitive.

The IT Admins in Company2 need to access a resource in Child2....can they use a Child1 account (e.g. Child1\Admin) to access the resource from their forest?
Who is Participating?
PWeerakoonConnect With a Mentor Commented:
Yes, because in reality, Child1\Admin is accessing the Child2 domain. Company2 Active Directory doesn't even come into play here!

The admin maybe physically sitting at Company2 but he's using an account from Forest1 which has access to all the domains in that forest.

If the admin is using the account Company2\Admin to access a resource in Child2, then that would not work without transitive trusts.

Hope that makes sense.
AmericomConnect With a Mentor Commented:
It would be a bit messy to have IT Admins in company 1 to use an admin account from Child1 to access a server in Child2. Not sure exactly what resource, administration of DC in Child2?, rdp to a server in Child2? or simply accessing a share in a server belongs to Child2? Regardless, in order to have IT Admins in Company 1 to use an Admin account in Child1 to access server in Child2 is meaningless. If that's the case, why not just use an admin account in Child2, afterall, you are not using an account in Company2 anyway. If you are talking about IT administation, why not create a trust between child2 domain and company2 domain?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.